Compare commits
54 Commits
d5e697e970
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
48ddaf8630
|
|||
|
cd793f1f01
|
|||
|
fcaf8d3e83
|
|||
|
7022cdc90b
|
|||
|
780c173f9c
|
|||
|
9eb89b486b
|
|||
|
1a203d28aa
|
|||
|
e03dcfc98f
|
|||
|
b2977fd70b
|
|||
|
2a10376336
|
|||
| 779f27d65c | |||
| 3b2e3e1ee7 | |||
| c325fd36cb | |||
| 9fe4976c34 | |||
| 74a5b81951 | |||
| 01b7ee9b05 | |||
| 5ad1696e4a | |||
| d81b5b07e9 | |||
|
439d3d415d
|
|||
|
7ad308376e
|
|||
| 95a0786224 | |||
| 3400636511 | |||
| 12aaed3521 | |||
|
d901395e50
|
|||
|
c16fa7e6a5
|
|||
| 07a5a14438 | |||
| e09a328eea | |||
| 69c854f99a | |||
| 83213f104b | |||
|
ce3a73515a
|
|||
|
6f8a22275b
|
|||
|
97d92f8d3f
|
|||
| c36ca81d99 | |||
| f060fe730b | |||
| 368f69871e | |||
| 559a55735d | |||
| bee2aaeb7d | |||
| 42d132c94b | |||
| 44f6cb2aab | |||
| 53847378e1 | |||
| 70dd7d7849 | |||
| fb1106a700 | |||
| f96eb5e1fd | |||
| 0c2e32df96 | |||
| f2885286c1 | |||
| c1941df3aa | |||
| a6ce019807 | |||
| 69c796cd7f | |||
| 8a464d95d3 | |||
| 5f37f609e1 | |||
| 350046b6fd | |||
| 9ee52dfca2 | |||
|
824891274f
|
|||
|
1df5459f70
|
3
.gitignore
vendored
3
.gitignore
vendored
@@ -1,3 +1,4 @@
|
||||
secrets.yaml
|
||||
infra/tailscale.patch.yaml
|
||||
!apps/template/secrets.yaml
|
||||
infra/*/tailscale.patch.yaml
|
||||
.DS_Store
|
||||
|
||||
3
.sops.yaml
Normal file
3
.sops.yaml
Normal file
@@ -0,0 +1,3 @@
|
||||
creation_rules:
|
||||
- age: >-
|
||||
age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
|
||||
0
apps/README.md
Normal file
0
apps/README.md
Normal file
@@ -4,20 +4,20 @@ metadata:
|
||||
name: autoupdate-teable-figurines-currencies-secret
|
||||
type: Opaque
|
||||
data:
|
||||
RATES_EXCHANGE_APIKEY: ENC[AES256_GCM,data:mQ7j0QNtmPRKEbs0/1Gyha1d4dQSVs2TwheGiQu0LPoAeYLe1gyzSGGS+/SF8lKl,iv:42LINaSLOptLq2/NrqR+c40t7wMWj90PaMVp74GbakY=,tag:7/WuSXVH9AZbveiaSjN1ig==,type:str]
|
||||
TEABLE_APIKEY: ENC[AES256_GCM,data:iuHX8DJIgb7k4+e3AHjDDnyx1PRMa1IAKBzBBIln8nT6CzWgZHXCheb3Bz6rJUTUutvOEXgSWBRffkJZ3kjayifAmEXHLxMQtrKqfa3dm0ghJQCqCZaewL9vN2VAe3D2,iv:WojW3eQYAaKK6h5m9+7kUgJRcotYEqaDbfDva/Cwc08=,tag:HkzwC3d5Ndv5FoXVJZMmYw==,type:str]
|
||||
RATES_EXCHANGE_APIKEY: ENC[AES256_GCM,data:idrRA25VfneIshso3QT8HTTDNSkmDInae9yXusFM03q3M7UZCBUMymQ1MVYPGkWg,iv:urIixgAI7yLHPC4wKR3mV7jvdo7uTtUH97fb1xgK/t0=,tag:bYuyOmNWgtDg5cf2fkbmcA==,type:str]
|
||||
TEABLE_APIKEY: ENC[AES256_GCM,data:9nZvbihfKGgt6mqNt2Wu/r5Ldtj0GKu1W017DDa2BK3w4wbxzbME6gAtbj5XJbpTFskBThJU5FSWC/ngaAhyQ8kCgJ5xB2CsDHqeyoKLd3qPd8I95D7jHf1GVE2LT4DR,iv:HvGovXdvD1hHEYMRVehiHJkLBqWtzoZTGibjKBKw6tE=,tag:6U3vLbr4uJ9fG30APSTLig==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAramZZVEV3TEhyUmErZDNZ
|
||||
RlR0Mm44WThoMEZqd2dYUWVXRS9qNjJKZ2swCjd0ZXhLUkVHUkNvcjlIU21Kd0h1
|
||||
SUNyeSt1bWtVTkwwT054aTVXUzhzZHcKLS0tIFY4dGdUZ1VRWkZZSUNJOU1RbGx4
|
||||
d09XVFVKY1dNcVdldCtSUUxYZUtXd0kKynbS+MZUw0fWcQ5HbiiOnf0NajSD4mQ0
|
||||
QhcFWaadsR5LZjdxTfS1XFcbVGa2H8E3FtQvksz7lGwLsU0xqMRGzw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUMUU5c3lGbDJtUHFoMmNq
|
||||
Y3VmRGZnSzl4dUQ5UDJJUWRNdDF1aFFkUG5JCnhxMWZFYnNlNWM0ejFoR3Iwdmlm
|
||||
VU0xVjVKeU9wc0ZwMUswbmJaeVlvTUEKLS0tIExVYjlNZUU3OE0veDRaN3RUWXRy
|
||||
UGlzU2I4RDdRR2ZLVHlFeW5GaC9PeFEKsMPi8Yn4YewQG26cpE7fQYuJr8onjc0T
|
||||
bF8HKsHZw77pmSrePcpYLmynPS81lnw1mU6zIlKTvd/elzfGFSS5Xw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-05-29T22:38:31Z"
|
||||
mac: ENC[AES256_GCM,data:cVxy/FkFJnxjzygwf0KdBNvF13nKk8wOjiMSaAtkXcrYPQshu5dONx/2pkG0HjifVKIZvATu/3G7nhcb7pX5+t03QOPkqmoHSowxejMB7w5eX24MALhzAMze/5nlnRQMLA5ZQ+3lG1SNsUXAXlWrlNAS4FKYvIjsvFRA0OTH95s=,iv:NdE7v3ysPuyACIFgquSwZN4AXhFr9Pv9k0PkqAEsVxc=,tag:zM4ga1oK7OpW+ppiS0/HTg==,type:str]
|
||||
lastmodified: "2025-08-01T15:14:39Z"
|
||||
mac: ENC[AES256_GCM,data:kQ5Sfhj/hepaxAyqf6FJamdrGD2Dtyw/Vnn2NtzCACuliV+3cXRdE3s9Tt6yOw25nOpknrsmP9sCH3zc2RZke3mxKsVqRgrBJzfjL1eu71OXy6unfMmFuxdnkpO4A1Hechr75HZj1wNccTEUl5qspha+BPv0UsFlvqWsTbssZ6I=,iv:ROgfe4hgbE+9MIaI1hNXG2Asj33raM/bQdfjQYC1kzc=,tag:jGD+3hlkSPEp/toZNjUDBg==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.10.2
|
||||
|
||||
@@ -15,7 +15,12 @@ spec:
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: "/data"
|
||||
# - name: olddata
|
||||
# mountPath: "/olddata"
|
||||
volumes:
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: technitium-data-pvc
|
||||
claimName: znc-pvc
|
||||
# - name: olddata
|
||||
# persistentVolumeClaim:
|
||||
# claimName: gitea-pvc
|
||||
|
||||
@@ -1,15 +0,0 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:0bMlVfY4+bGNfAmEEO2rVJ0xwd+/HBQX5smKwJpmqGff3zColq3BPkoYbmjwHzSy665vzO5GYgfiGmNwNpZuFoslUElprR92kg8tDePDwDsKeN1547TsQky3box7YI/2keEP2q5D8h8ZUPVFmlVltWsTUlS6CMyVKg1Dx0qUorIZdnqrIkvY8OxC9tEH0Rc3Edpz2QEMNL70NogfZchY4K3xXMFVEgIaVBYJi0AsAkkMOkgfrGyZScIqg+ypNTmGvn3DvKagofsiMZAsdS6u05T9kwII9scimDiAHBpmEvYsBMng8cqLgRmrOyMvIM8w0U6cG0aH41AjxGGmXbpAsuNm/e62x6hU3JNUGGOoGRVuEYnHGAEoJ6PEzPoSHlLGsCk/CqNrrDxyvHIaji9OvYBgujfBMljcTnsuGjYCG0XkNmN4UlpeNYGCtWh8r8aZzlhZTbmWZaN7U3yc8zQBxbdw5vmTV4vuWQ61Dk4xbVoX+h/2O9RF1mzODCd2MghCyXWbtIuh9T7dcI8H1f0hR73+YKrmXRDm1z4iRC/FBUXoZzGiYpOml2L2iRtUyR7E0VunLVKGT5t1ONJzqesMt8NFlHMj0T8n1OdTXlofddsU0qzFaIpIV7E0QlQz393BIIKNecAuKa2jHaujUzqLSG8+Kg+yT4rqc50d9BuizMECEyjyhsY8G9sxPCwrybg+8Jqs4zYWPaWRmepbBbMm1yXcfAqUOVpcuxWww6otA+f/bMwmyfbGd9wVK5snPMmPg3JD05navmKNYGDilfNVPO87CjUHT96tTT+9hfsAYM9rIzkrCKnndbtPmuWFGWUZYxQ6nN9kbCHEe8CSDcN2Dp8qNK+hVUAwMknFwU+zQWJU6X39fT/WySsdOhql8ntrapYTxIDgxZz3oEvVnIxMZBuZgVex1pWgvFv0iA==,iv:C3NDjBZktYMnnXWC0BOBOF1RLPaR/++CanDSCKtZpdk=,tag:8Tnh2UNfE2UThNexHTzlRQ==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCWVZRUzBMTHpHUVlNcG1L\ndGhWUEtkc2o5Y1U5NTJEN0pHbWpZUDI3ZWt3Cld5SE14UjgwK0xoWVE3TFlkYXho\nT3pBYTZIRENoZzNwY0xxWXNOUkJrMlkKLS0tIEZTMXhaMjhyMkdHRmZZVjVrOVdu\nUTVNUzAvYUtjWHRSakcrclJTQkkvZ0EK4+jaOzoxwa+kVrRdkmizMBZmbSTktBU1\nj5YnJPDwtyBCtPTrF5d9hcD/NmEdhv2Dm6JilT5EPkZslvcdHQcjZg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-05-31T11:22:24Z",
|
||||
"mac": "ENC[AES256_GCM,data:l17vrFzlOog3YcwMA61iJGIa/zra9RERPXiT3TH1sLtv2pLNEcu/eFOK5IhqMSPDtkSN1LuCcKqSj3JKpVVRINsoybSSD2XuWEXwSKaaBvtY49HGxpCu+Id1GEt/81IwMvWOu1CFsOyuRkYtBwBc40ThqcqCU8ub2ob9vwjpxGY=,iv:AnGQtzGcboOPYyFGuzOI+N+atZr9ZnkH9nqj3bbd5iY=,tag:Yy7zzJ1V8+Zn15B8xBoy5w==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.10.2"
|
||||
}
|
||||
}
|
||||
@@ -1,24 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: anubis-kakigoori-key
|
||||
type: Opaque
|
||||
data:
|
||||
ED25519_PRIVATE_KEY_HEX: ENC[AES256_GCM,data:+Qbmh7nMRRkgAttxWUllxvnHN+XpiBZCm3Kppxzb79KSMlili/FC9PFLZ0I6F45vF65TIhmlCfdkWd0ikgFTjpUnmat4rzfb21Nyhx4+6bZkR+7eQJmePw==,iv:xzqrI+Dp5Zx9FJxUvaNGhbbZ8bZY0JSxKTj0pf1T+08=,tag:J8CZYgiWFpJm3H3L0mrMIw==,type:str]
|
||||
THOTH_URL: ENC[AES256_GCM,data:o0cQMFKRPaRLE2ZJ1CXxKWoMTO380w2qVNkbIO8ul9d/yNBexi9xh/3yHMLjr9Ti,iv:td6XXTJXHZcDLs14dsRijmMiy2HzoT0+Kmt3g+KShjk=,tag:cWr1XF47B1ayuYUUMKw3DA==,type:str]
|
||||
THOTH_TOKEN: ENC[AES256_GCM,data:e+SbKz72mYSjh3MH0NfLhUo9/28ENB4k8kN4/z2ooI33QWQLT1rCS2uDZuw/KpQIF8PobpYmF8qJkNM1gpuMB4MTHog3jUxpB9Ff8GxnvIbal1yRsIj6/UEW8BEzuENACszjHWKah6Az53SRyFxFPDNopKRlCTvdm9/bTG2f2Ie2jFWriu2e/7jMgKQUbcvdfcJoOdPbaRLU5tlHfUOrzgSAjfj02ktCPac8ss2dNKKQib6iX4gQdMfjGgTSzXObopYvX9aXhUGTpJOebTNAfz5ECLejYG63ZKY4VTnHmnWkzvuWLYsgocAL/6pLiTrS/JWzAyZF+Gce7K2XaAOO0deBAjGWQl7GhB+WMF3aiePjtyib2jAhXpa5fVET1lPwmom6Xf8Hg9DwJQ+4WSReMK7sGzh+RSwmFegxX0mnhvDtw8CaT+fKkLs8APdEBCBnD8H/e1xJJsqPgVJVQnwt+TkKRldELAKzq9jbHRVuWCpoJBBnnYJNlvSAbbwIGH/mv998FFT8f2ARSDJYUl4fNyQorRWMV4Zhky+8QIX+jPQBqljY,iv:ZXCUFpqh85W8l1saUYWLNg37QTkxy24vlZyPS0I8mjQ=,tag:ExMldQHFqAPdOtLqmDLrKQ==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1VkUzSWdtZlI0Wm1PMC9U
|
||||
T2JIdWkvYjIxby9SMmlRVTlKaDZrUThvaFdNCnFCOVJhS2hIWWwzNWVKT0xKbUY5
|
||||
TVVXa1d3MUpUcjlVRllTZk02bnBqdDAKLS0tIHFDYzB2TXJIS1FyQ0JYTE5YUTFS
|
||||
WFN0Q1dqeUtYUitwVW9EalA1a295M00KItuiSlWjFU/EuP/gHfx5ZiOEC1mgUa2I
|
||||
KQdJSOzHobfICZY2/wF8+KPpMBwcuB0IQL6SJF5I8CRS3H1dIPTaeg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-06-16T00:27:47Z"
|
||||
mac: ENC[AES256_GCM,data:UiSbzEO8qKqVHPqoH6mHwokCfGt9kBJAi66ja3EOMTdrKXueLxEii2YrgaPnBTcx93Ha/VBhzwLbVxeF4C4PIxNdsauWrh25YmfZvkBe2F3viJQpJVgIGbLPf7Uv/fZ/xhwuk/A4+Ob7+XymFb0PFZ3Zo9pEXzjNwZ6QuFChiYs=,iv:1caTZ3pG2CgqtWwGJIa2nAV+2/yhDRv0zRFtv+T+GBk=,tag:phIjj4ZpMcr5CC5P9qVbpg==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.10.2
|
||||
@@ -1,18 +0,0 @@
|
||||
resources:
|
||||
- autoupdate-teable-figurines-currencies
|
||||
- glance
|
||||
- kakigoori
|
||||
- opengist
|
||||
- pocketid
|
||||
- prettysunflower-website
|
||||
- privatebin
|
||||
- publicfiles
|
||||
- rallly
|
||||
- renovate
|
||||
- static-websites
|
||||
- teable
|
||||
- technitium
|
||||
- thelounge
|
||||
- uptime-kuma
|
||||
- znc
|
||||
- vaultwarden
|
||||
@@ -1,27 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: opengist-secret
|
||||
type: Opaque
|
||||
data:
|
||||
OG_DB_URI: ENC[AES256_GCM,data:TZpj9cVMF6jHqhJf2EKMDe8bDp3ozn86b9IG1hIinX8V4sUkayB2UznScqhnsEAd+FKAimf7exu5+fQ+qDVLVk0izy7PNNKK6JpNWatkfwfk7bN0hMghiIRlNL/dB5vnH/m4FktUD04=,iv:NueU8M+PBvgCnUY2J/DyHLSyOHYkkPs0Nu3QnnlrOg4=,tag:bMDNa9AbzK0pWW2/V76VGA==,type:str]
|
||||
OG_SECRET_KEY: ENC[AES256_GCM,data:FRMGtPW95ypXvPdcss61FYEZPwTU4IbULt//av3pncC6c4RraXzEr8zwGpxlxsLsorlhVN7xm2SybDxtHHVs6B7Emr8NwRq+5fLZfU6YHa8y/tqr68/vlQ==,iv:Sfkx30Cqw9Y1jKNTtXrQiwMwbsiT3E2mygRACf20JuY=,tag:3vmHOZWs/jsynIL1Na3LPQ==,type:str]
|
||||
OG_OIDC_PROVIDER_NAME: ENC[AES256_GCM,data:ff/7A9194cworblcum6zbyLTKzI=,iv:CPECmbTOlDAGf0Pd8GGNodmGA8ARnfeaU2E/JpxezU8=,tag:mnVi10u7mZGgoMpeYu1Y7Q==,type:str]
|
||||
OG_OIDC_CLIENT_KEY: ENC[AES256_GCM,data:OjZc3bFKk9q24RWm7ftP5j2TUfAVerOh+2CA4+4+0FMef8HP/g0p3nFVzIl5H/9R,iv:RUsTi63pi7RsdUnHct/Whmeg3xf5VKp26bli0GfsPcs=,tag:9E9pdIieAAqAg/TXrxqseQ==,type:str]
|
||||
OG_OIDC_SECRET: ENC[AES256_GCM,data:zBWln9wZiG7PU4VkzAqA81enp7+bkWF+GNE8W46RhsgQOgG9AQmBEuEB++E=,iv:5MDI8JvcKhQ/sHX/3IL0wRNMRqs5tYgdsX/KcNqUYPM=,tag:aM/Dlbbw2tnXpSq4zJnSGQ==,type:str]
|
||||
OG_OIDC_DISCOVERY_URL: ENC[AES256_GCM,data:2X2m6q6d0VMrAbYq2EVKc7ID3Y9kv5yKS9ncnqVQtShnx95g0boAKYhs2+vTw4ERQFKWAlgVoBrjfdEgkwuQrWoON3n7Y94n3Sgqsg==,iv:f7NhX74g09/ATfxvr3k22R0h9daRDA4ZzceRmkqbH+k=,tag:hgKMrwPyw4WEJtnALCQzzg==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxREt0L3FXRkc1aXdQeG5s
|
||||
R2RoZGhyUnVYbnJ3all0eXBCaHp0Ly9JaFNvCmxrNGx4MDFEOFFtQ2I3ZldRcE5E
|
||||
V0FtV3lMUk9SQllQV1A4OWRlNkdxb0UKLS0tIExYWXNxbjcvTmNLSFV0QVZtcWpv
|
||||
NWtHbTd6bnRyN01aeEVUanVRMFpnR0kK/lnokfJiXcO9aFj+4iWqEnUMxdvz91GD
|
||||
4LUJR0MDE4zblg3/8ZEUM83Bb0CwtnEiQ/8IXbHwLwMdu4AJ4Fj5dA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-06-10T00:20:57Z"
|
||||
mac: ENC[AES256_GCM,data:O3x8Cp4SHVrZPoRVHbnMUnGjOuf4VXgnD2OX7PhuATHJGOvFrmKBQPs/cTdyLz785sRWDHqJume1SEKjezgOw2dw61tDm11CMRM9t1M5oG5rMOg7yhdCFFvw4MGW3TLn7VmJwoFpbSMbq8SH8xSQEBf8+B2XZvU0LudEhTVn0xA=,iv:D7mGMmT2K1PfL4dTRKztus1xbAfbTWJ6OgUOn/U24dY=,tag:N8dA7a82HvDnAZWVh80kvA==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.10.2
|
||||
@@ -1,6 +0,0 @@
|
||||
kind: Namespace
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: prettysunflower-website
|
||||
labels:
|
||||
name: prettysunflower-website
|
||||
@@ -1,47 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: prettysunflower-website-secret
|
||||
namespace: prettysunflower-website
|
||||
type: Opaque
|
||||
data:
|
||||
GOOGLE_API_KEY: ENC[AES256_GCM,data:Kff/H1QrNmyUoNCgG/DJmYTSluBfQkzATpNYcW+mpXA5igR1TW/8rxBI3pEavbiXq8s5dg==,iv:2w6gt7+r/bQTlWmObBeqkY/8osdAmvKaWUjIm+DjNyc=,tag:rLFP3GiJ+QMGFH81noKutQ==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZXZUZklxb2UyRHA0OSt0
|
||||
UXdad2FnQ2RVaVFKWkgvUFduUnVJVkpsZXhjCjF0dUlJTmVvUFVhZ2pueUdBS0t2
|
||||
MHZKS29XRkUwTUUwSWNmb28relhxME0KLS0tIFZuT0JCZU9nMFltUk0yTU1zV2U0
|
||||
YWdTRm5wdUdBN3BJelZhQUZhWllRTVUKxNufC3hgtybXvB+AL4rqeDCCGsbSTG3Z
|
||||
f+04lkOLzcLr2sTBueGNG8UfnflSQI1JIrlHAzb7LlNi4vuH3KdFEg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-05-29T22:40:27Z"
|
||||
mac: ENC[AES256_GCM,data:JtiGrHVD+JJQ5ZwHLCT4rTOu/UoYCscn1Wv0F3E8Q1y9olFXLhq4b9L/vOGe+Wf4/8cl56zf9YnifWR73c71/qnTjsByN/0zqWJjtsDomaxFkGtjLwKbnvvJs3+NyUw1OJGSnL0c79rhEZTkzfFrN/td1hbr/Qho227UvoVOLsc=,iv:YHBAJqUJBz/kzcdNOUPDxaWqEVVmHvkgcjbP2FYwwDA=,tag:OIM5/vlgMCxRYocvy6xjRw==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.10.2
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: anubis-key
|
||||
namespace: prettysunflower-website
|
||||
type: Opaque
|
||||
data:
|
||||
ED25519_PRIVATE_KEY_HEX: ENC[AES256_GCM,data:uVHaqVVCLb9j8y/zXo2ZutfYgi8tu1sLJ003yw0l7C+jy/s2hHKkgVwqXMTZRA+Hq0RIRNEwHyswfM8tQ2olmQVlPASEXnT0yW0lAidoZ/xf8fs1Am14vg==,iv:w/ag0nJ3MnP3UUGq6iMNu/qHLr+kt8G/Ntzd6APQCuY=,tag:mAHZM2PGAqHjnp4QVIkqPg==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZXZUZklxb2UyRHA0OSt0
|
||||
UXdad2FnQ2RVaVFKWkgvUFduUnVJVkpsZXhjCjF0dUlJTmVvUFVhZ2pueUdBS0t2
|
||||
MHZKS29XRkUwTUUwSWNmb28relhxME0KLS0tIFZuT0JCZU9nMFltUk0yTU1zV2U0
|
||||
YWdTRm5wdUdBN3BJelZhQUZhWllRTVUKxNufC3hgtybXvB+AL4rqeDCCGsbSTG3Z
|
||||
f+04lkOLzcLr2sTBueGNG8UfnflSQI1JIrlHAzb7LlNi4vuH3KdFEg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-05-29T22:40:27Z"
|
||||
mac: ENC[AES256_GCM,data:JtiGrHVD+JJQ5ZwHLCT4rTOu/UoYCscn1Wv0F3E8Q1y9olFXLhq4b9L/vOGe+Wf4/8cl56zf9YnifWR73c71/qnTjsByN/0zqWJjtsDomaxFkGtjLwKbnvvJs3+NyUw1OJGSnL0c79rhEZTkzfFrN/td1hbr/Qho227UvoVOLsc=,iv:YHBAJqUJBz/kzcdNOUPDxaWqEVVmHvkgcjbP2FYwwDA=,tag:OIM5/vlgMCxRYocvy6xjRw==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.10.2
|
||||
@@ -1,29 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: website
|
||||
namespace: prettysunflower-website
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app.kubernetes.io/name: prettysunflower-website
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: 8080
|
||||
name: anubis
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: static
|
||||
namespace: prettysunflower-website
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app.kubernetes.io/name: prettysunflower-website
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: 8001
|
||||
name: anubis-static
|
||||
@@ -1,22 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: anubis-key
|
||||
type: Opaque
|
||||
data:
|
||||
ED25519_PRIVATE_KEY_HEX: ENC[AES256_GCM,data:DBMXjeG7KguofrBF8wFRZoplFKhsxRGvWAXga5QJkhYn4HNF6WvFr8dkCww7Z6qpqdskKqBQqBiYq6OgTe5f55or9sWeO5XwKprjTUYYJ+/Yxvg1MBMlSg==,iv:MfK068uL94QNPlh62FNjBMK26M6Uig9yWvHRLpmEASE=,tag:0w4OMh/KcWsK5n4xnkLzaw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2dGp5eTNoRWZRVENPaXVv
|
||||
cUdJc2d4Sm82RklXb29vRHZQZmhRNHRxWGpRCllwNENBY015WUFqeWI2TGhhcXZ3
|
||||
Z0w4dXJZeEtQZkJRQzAveTZtS1RZdDQKLS0tIHlYeEZzMzNXTzdJaEd3S2s0RWh0
|
||||
L3lRQkxCNWRBbFdlMW1DS2RXUXJwTlkKW7jjQfIC2tZo9vj6QenOdOa54xCjMU5v
|
||||
3Be8lPn1H6js15fKTpCw+6+VaEBaAxO9Q1BnSlKx76YQc4V/1pRGhQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-05-30T10:26:13Z"
|
||||
mac: ENC[AES256_GCM,data:mC8nlQZA7o6h+FDK5eB4XOXrYnygml0rYDDlg4oq0i0rNXlK0gQcTQxYU3ZJLyEJirsjKhdoyF/thP9ro1Jdbt2bNn5k7crc4o5Ar4/Rlu05xxq7reZKtX2RiUaGonlWNrNLbXWnPFv9TZ2A+qkdIlXYLMg5vNFPJS0E56b/SH0=,iv:1ERSVhVwzEj3Y+vPdbBEeHsjLi5IZ0pgWwh423cGB2g=,tag:l/2a74j+gbyIQIn2DIN09w==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.10.2
|
||||
@@ -1,4 +1,4 @@
|
||||
http://publicfiles.default.svc.yakumo.prettysunflower.moe, http://files.prettysunflower.moe {
|
||||
http://publicfiles.default.svc.sekibanki.prettysunflower.moe, http://files.prettysunflower.moe {
|
||||
root * /srv
|
||||
|
||||
basic_auth /memberpress-basic-1.12.6.zip {
|
||||
@@ -6,4 +6,4 @@ http://publicfiles.default.svc.yakumo.prettysunflower.moe, http://files.prettysu
|
||||
}
|
||||
|
||||
file_server browse
|
||||
}
|
||||
}
|
||||
@@ -5,7 +5,7 @@ metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: publicfiles
|
||||
spec:
|
||||
replicas: 3
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: publicfiles
|
||||
|
||||
@@ -1,43 +1,37 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
annotations:
|
||||
pv.kubernetes.io/provisioned-by: nfs.csi.k8s.io
|
||||
name: publicfiles
|
||||
spec:
|
||||
storageClassName: s3yuyuko
|
||||
capacity:
|
||||
storage: 10T
|
||||
storage: 50Gi
|
||||
accessModes:
|
||||
- ReadOnlyMany
|
||||
claimRef:
|
||||
namespace: default
|
||||
name: publicfiles
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-csi
|
||||
mountOptions:
|
||||
- nfsvers=4.1
|
||||
csi:
|
||||
driver: ru.yandex.s3.csi
|
||||
controllerPublishSecretRef:
|
||||
name: csi-yuyuko-secret
|
||||
namespace: kube-system
|
||||
nodePublishSecretRef:
|
||||
name: csi-yuyuko-secret
|
||||
namespace: kube-system
|
||||
nodeStageSecretRef:
|
||||
name: csi-yuyuko-secret
|
||||
namespace: kube-system
|
||||
driver: nfs.csi.k8s.io
|
||||
# volumeHandle format: {nfs-server-address}#{sub-dir-name}#{share-name}
|
||||
# make sure this value is unique for every share in the cluster
|
||||
volumeHandle: 100.126.243.21/mnt/yuyuko/public_files##
|
||||
volumeAttributes:
|
||||
capacity: 10Ti
|
||||
mounter: geesefs
|
||||
options: --memory-limit 1000 --dir-mode 0777 --file-mode 0666
|
||||
volumeHandle: publicfiles
|
||||
server: 100.126.243.21
|
||||
share: mnt//yuyuko/public_files
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: publicfiles
|
||||
spec:
|
||||
storageClassName: "s3yuyuko"
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Ti
|
||||
volumeMode: Filesystem
|
||||
accessModes:
|
||||
- ReadOnlyMany
|
||||
volumeName: publicfiles
|
||||
resources:
|
||||
requests:
|
||||
storage: 50Gi
|
||||
volumeName: publicfiles
|
||||
storageClassName: nfs-csi
|
||||
|
||||
@@ -4,29 +4,29 @@ metadata:
|
||||
name: rallly-config
|
||||
type: Opaque
|
||||
stringData:
|
||||
DATABASE_URL: ENC[AES256_GCM,data:og/DjZzZQJZSeMsqf2t7rS2+b7g0ak6eIC1JGYCtGJq63x4nTmJyAD0oJEN8ME1kp/V+edX1T68SVVPdrsPVHlawwb5ZJOeSu2wB,iv:PV84Oi/kLGDDm45WWN6w+llLBzIcopP3kB0bLYCTM5o=,tag:fuqKM+VghdxjWoArEiEYMg==,type:str]
|
||||
SECRET_PASSWORD: ENC[AES256_GCM,data:324h5buHxd/xxr+V87aepxHfEDyjta2BL1pkwwCtPzPS9MC9xcJm4HX7c8qGxr1GsJkFS2/LIBPHRpl9sZ3aww==,iv:5W7NStdQcOSOBG3YfQsF+PqY4pBYNYPb+dZFOMnfVHY=,tag:3h0Ey6V9nmrAivgQwhbvWQ==,type:str]
|
||||
ALLOWED_EMAILS: ENC[AES256_GCM,data:R+LvSgga0H5eBls+gOPvYsYag0FF,iv:lOiJhKe1pPMG0R32DWiqG2lX1ziXauMVjrl2+veQFKE=,tag:CHKPCZRmxG6dmz5RywH8CQ==,type:str]
|
||||
SUPPORT_EMAIL: ENC[AES256_GCM,data:yYWpEnghNcOe0cRuMg2ffOp10GsWMk8/,iv:ZmPrBS4egsFUrkOvZKBJMTvh/Lcf3nLwjaqz8aVYaGg=,tag:M3fkjRJjNRrysY7HagbfXQ==,type:str]
|
||||
SMTP_HOST: ENC[AES256_GCM,data:cOJLpNdBmLPBE53IUQ==,iv:Nv7S1ZKisrmkQIYwJf7Y/xqSQFHkvFrc4DzaMcXy4Ug=,tag:XEgyNik0EiGk4niqYujUHQ==,type:str]
|
||||
SMTP_PORT: ENC[AES256_GCM,data:sFaL,iv:UzQux93MPbrQIFpA+xD86z4E8YsMzbAmb5OKYKB3EKc=,tag:8x/f+OPkBUO2sD+ih+DEHQ==,type:str]
|
||||
SMTP_SECURE: ENC[AES256_GCM,data:dDZwLPE=,iv:U30Wj2jbUvusUyk3e3wW9vYd0/vNEicle5Ab4RhXpY0=,tag:V5t8wNToYJuoYdjBIfGtvA==,type:str]
|
||||
SMTP_USER: ENC[AES256_GCM,data:eRFXbLAUgIv0iv1gveEsg75+QiJDiA==,iv:AbLvwCpVIRjNyq9IM25SevEQGihOIVFLTjeDGYvfDsQ=,tag:Xj1jHRKZ6D4Kwar6VW1B5Q==,type:str]
|
||||
SMTP_PWD: ENC[AES256_GCM,data:myJOrcEv0J/JeIVan/WRzA==,iv:cPmyFTu6ZGe57SRzDbN5bdmYaPz/yaUvuQsrP2V1iZA=,tag:3xbNjIaANxRBENxpzm3XdQ==,type:str]
|
||||
NEXT_PUBLIC_BASE_URL: ENC[AES256_GCM,data:85hc4Aca8yBCctXXpwdfeF5TUcbK1rX8qelB+kR6h7/nZG9sqvI=,iv:mz3+Yc3mTB6cNmZyYNOBf/rm11/1HoR0VTeJEbCzWyw=,tag:GxIY03wU3MGiIHmdZM+E+g==,type:str]
|
||||
NOREPLY_EMAIL: ENC[AES256_GCM,data:hjMfBGrXThJi2AqaW1G+J8mVE7laZ5OjCAzE+uYn,iv:t8YQOZtlhTTEoqgtbxwzWzInltH5K5cGr09cRU740PA=,tag:kfQXf0yldyljOHNdl1gv1g==,type:str]
|
||||
DATABASE_URL: ENC[AES256_GCM,data:HXrfYuhgi9R7IXQXJWeGTcHssiL4uIA6iuLR4YE0p4AF57quL2ksd2Pv71ebv4XtqWShrJhIp0LEfY5XranVtJl6Cr+pXr5XFR7c,iv:XFGugU5SWkQrte1hgP8RjMhAtImZjrZJLAOiZwKTpNo=,tag:Sf29Gwd1lovDkdEjkDG7zw==,type:str]
|
||||
SECRET_PASSWORD: ENC[AES256_GCM,data:JIRUfQOZ8d89Tq8F3LQmW83a/+zyfczFQlaaojx0kGYlYm2uoSJvcRxPZBFRXBOcKqDKiUT6KfiDnLxdv6VMHw==,iv:rouRvjpMVnWEgNjPMc+sQGlzt4IKOeomN7NAtXkNZVw=,tag:g/H65y5Av1cwJUmvxP1eYA==,type:str]
|
||||
ALLOWED_EMAILS: ENC[AES256_GCM,data:sCKtULTG5XzzWAlGPVuAkP1gTm5o,iv:wVPwQzyytJ3zduRaLVt/CVFHESzETae+zXE4eAiDw5M=,tag:j6JqfYMnkRWdMZrPOVUxBw==,type:str]
|
||||
SUPPORT_EMAIL: ENC[AES256_GCM,data:aY0wEYfC+yru5TJKvV+lSWatBs/OgX56,iv:iG8irKnFyn7BFVwpXs23TweMcfU7Paq68tZzy5gYMgo=,tag:OmHZohL6gE8oGv1z5OIpTQ==,type:str]
|
||||
SMTP_HOST: ENC[AES256_GCM,data:b52Upi46XqxdgWtukw==,iv:oN0quki2B4mis2KulQh1sgEwmb7dhND1/t+68HdV9OM=,tag:5NpGnmB3AGXOGCNp81Ji5g==,type:str]
|
||||
SMTP_PORT: ENC[AES256_GCM,data:plcB,iv:Zn+yhO2R06ZHEEoULS92LfSvhKgrS44+0HTtynHM5L0=,tag:WtB+gv9bBLYC8L+LBZoQgw==,type:str]
|
||||
SMTP_SECURE: ENC[AES256_GCM,data:oJJEVMU=,iv:QIu0fyk13/5gq9RSUoBiMT+LiKMTXv0Ru/up5eWwnaQ=,tag:qFcEx0eojViIfPuoZO+Pdg==,type:str]
|
||||
SMTP_USER: ENC[AES256_GCM,data:dNWnQlIlLWarCCwYoG4vPJBOxs0wgw==,iv:QmJnw3V4PFVkXaPrkoZ30lxE/qTBvCw718MUe/H1lr0=,tag:kz1h3VL5Qy3OjDiiSg0lWg==,type:str]
|
||||
SMTP_PWD: ENC[AES256_GCM,data:Mcyb6CZpAGPzwITzotSzBQ==,iv:NCV2MPiBI7Ql7FBUQNfsS6O7GlLggSjbAfNPxmIhWRU=,tag:zRu2sOnH+fSTQE54FFe/Bg==,type:str]
|
||||
NEXT_PUBLIC_BASE_URL: ENC[AES256_GCM,data:KFQ5G7Xhpjppq5jXLSrg1whoDu51Lm7k4pIjKHU2xR/1+uIqIgc=,iv:Bj4x8eNQ18XwEuiKNfpsgGgy05WAL7uPjAncihxFD/E=,tag:/7rVL9kdXt1e6W8RH1mOYQ==,type:str]
|
||||
NOREPLY_EMAIL: ENC[AES256_GCM,data:zYSbRt8lhDDsxQ2bQeqSepSrUB5R6szlCdoidwUa,iv:zkUBsQMKghpBcJQ+V391SYMlC8fbuPh0xANqZDZvUjw=,tag:fM5xu0aBlSsIMTRyHC9fxA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBacEJRM1VQRmlqaytuWDNC
|
||||
QlpUMjhYQ3NQVjlVbEVwS2dHNTlQTHlYQ3dnCkFCUytDSmQ3TFB3RVNyNlBXVlNK
|
||||
bUtJNXZiT0sxRU9rSlZrTVRXdjlSVWsKLS0tIFlZelJZNTIxc0RHOTFDNWhOZ01m
|
||||
U25wSVJicDE1VVpXeUd5b3d1NUVUQzQKQV/DaIkKLsHiksmLhggIyjX1UIg16SIQ
|
||||
lGk22q4xM4v+82O4y0t4oxxVPiXxDPkj6NQiiZcsx0pmzFchfv6Lcw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwSG5xZmZuY09rdE1VWTU3
|
||||
a3VXcE1uNnJRL2tLYk52dW1uNWF1YmFrYXlVCmdvN2lPVmRNMlB4RXFNRTl6Qk1o
|
||||
YkYwM0UwOU13elZSekVIbFRVUDh4cU0KLS0tICt1RnVZa0RxWFIzZkl5MTF2bkc0
|
||||
WHVXSDBoMWszeTd1bjB6Wnl4dDBwU0kKlTNGj6hQMIZjF1DQjeUKAPbiWGCweSAl
|
||||
d9p4KfE4p+2smukqNiV53obP2oqRDrIMK6ivwQOcn9gIdt/GSFz4dw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-06-06T09:18:00Z"
|
||||
mac: ENC[AES256_GCM,data:NbZlZN6vxP8moSxXUlk79pLsgvHMsUCKAOq3QImJ5GMiH2dkkzuHAtj0izyAtnYnFBfwreS/V5gXk9L/EENae3tBMB2Bld0/6j+Z5Te0jeKrIAoXXqAQiBrLogKYg2omm9fKRyCZ4CdfcjFBVlJ/vO5/TJDHe5Ne3nk62nVdMgo=,iv:euAkY1YTi+NXZLzHFrpfqWhPOWeYBmVOVp6g9Z5txQE=,tag:Wixp55DxJwzxhk82KDsrjA==,type:str]
|
||||
lastmodified: "2025-08-01T15:14:39Z"
|
||||
mac: ENC[AES256_GCM,data:KL44gUq/1kRlpSfSjNzFsqLdH1FxEu97KmThuLhuH4Ab1/Xv+jmzkqqIarEZtYrHNsQ+f9S7XKXBWI0aCvzjy0TbS2l7GB41biGV8cqqrjuOEu22D+eAjwxQI+aShoBwlH9X1stK6d0aLaLMbOdSjScmAv/SqVzQqkE83WuaoVk=,iv:N8mu6zmukA/v45pzaEUZ3yLmqY0s14lUQGZrq4Ne/Ng=,tag:fy/AnT3Q5XTgAENHJx8wJA==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.10.2
|
||||
|
||||
45
apps/seija/anko/deployment.yaml
Normal file
45
apps/seija/anko/deployment.yaml
Normal file
@@ -0,0 +1,45 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: anko
|
||||
labels:
|
||||
app.kubernetes.io/name: anko
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: anko
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: anko
|
||||
spec:
|
||||
containers:
|
||||
- name: anko
|
||||
image: "git.prettysunflower.moe/prettysunflower/anko:main"
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 8000
|
||||
name: http
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /anko/anko/local_settings.py
|
||||
subPath: local_settings.py
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
volumes:
|
||||
- name: config
|
||||
configMap:
|
||||
name: anko-config
|
||||
dnsPolicy: "None"
|
||||
dnsConfig:
|
||||
nameservers:
|
||||
- 100.94.59.38
|
||||
7
apps/seija/anko/kustomization.yaml
Normal file
7
apps/seija/anko/kustomization.yaml
Normal file
@@ -0,0 +1,7 @@
|
||||
resources:
|
||||
- deployment.yaml
|
||||
- services.yaml
|
||||
configMapGenerator:
|
||||
- name: anko-config
|
||||
files:
|
||||
- local_settings.py
|
||||
15
apps/seija/anko/local_settings.sops.py
Normal file
15
apps/seija/anko/local_settings.sops.py
Normal file
@@ -0,0 +1,15 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:nmMmB4eMiVT9mTyyYCg5opEdseQnu/6aW0Hzd4jO7uyPP3YYziuN2VUB+D35BiznQemB0kyCSjrGK+hsD6SkMRF2+3NGwoUoETJhD+/sC6vz5+VzWCh01jkJvcpoZuHKb9uLnS5NixMIXCos4IQdpioSFJm63aGUrrl5sWKNTpL78Jtt0w4Lsdb70oaqJlaGpFTpm26w3gUmCPLH/UZUQzCBOqzAxHC4GVS81ctGzqq/jLYji+qJyMw/LZLyXJY0V183VzNeiw7Jajm7pQAZzu0N+G1xkud5L8QW7/1UhbUvO9fIQ5hbYSmIa6i3XDzOY8MDNVZrZDg8dYZXFxZagI0mKGOeaYevwo/8d3/wD1g8261/6RMDC3md3M1yDBnzAnWKY5btIFRyQlRbYGBY67O8tyd8MGvJExat5avUhBfNVIfdDZWD3aSLIZF35wfCopsHLP62dhcNYzqkPKsLMVzOjy+VbNcJ69i3LX5QC7vwpqiEMG+c3bNbiU6LMbtXw5xPnNExy0kuAqWXcA6xgeOG+5/nFCnytrq5ltDeweoeqCfP/0WNi9FW2q/OkASjAU6VcemCX9h3qonYrzxHP3o138kQPwdUvXdJrr4PUyddKQZaGxziCn7Kj88Jww==,iv:PYUTTzJRIFP+zke8k0KQwhTiHuTypb998WnZTiyaUxs=,tag:wjWH0OTyDRZ/sUWZjjbu4g==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJN3k2RlFTVjErWGExVEx2\nRW96OUdPT2hHYjE3SVBBTXZibTJtaWp1Y0hNClRXbnAwWFAzUU5JbEFQK0h2QjJZ\nZTNrQlR0WjIrWWZUWENydzFjNDdWdDgKLS0tIG1RQUluOWQxM0IxcUs4K29ZMEpL\nTVZEZyt1OXFsNHJra1Fla1J2NHV5Q0UKBUFbsUthHnT0A9hhroi5E1dkWh6t9PL1\nUyf9zVas9TJC3VJoVx/ngY5BuCBKqpPAirzf656SwQRjxT3otXEAqw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-08-01T15:14:39Z",
|
||||
"mac": "ENC[AES256_GCM,data:yqRT65355uUY9RzwrBu1A+zfQe7T+7Yt4mQRMvbPjFmFctjcirlD9uHvam1zKvDHfHEzXP3ABsUW5rxPMJyz4VoWq8f3R/x30tcUvRHbruqLpO9rsMQfrtRv9dhP7XvbbfgHxoSrveZEY/jdxly3BlhzZlAZidPBdN1P54W186k=,iv:rvwpWYDgThjN7HfRwMoOdztQttOdvvmJpz8heuY/Wpk=,tag:XrW4Q/LnhpQzl3WZab0K7w==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.10.2"
|
||||
}
|
||||
}
|
||||
12
apps/seija/anko/services.yaml
Normal file
12
apps/seija/anko/services.yaml
Normal file
@@ -0,0 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: anko
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app.kubernetes.io/name: anko
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: http
|
||||
1
apps/seija/kakigoori/.gitignore
vendored
Normal file
1
apps/seija/kakigoori/.gitignore
vendored
Normal file
@@ -0,0 +1 @@
|
||||
local_settings.py
|
||||
@@ -5,7 +5,7 @@ metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: kakigoori
|
||||
spec:
|
||||
replicas: 2
|
||||
replicas: 3
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: kakigoori
|
||||
@@ -14,19 +14,9 @@ spec:
|
||||
labels:
|
||||
app.kubernetes.io/name: kakigoori
|
||||
spec:
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 1
|
||||
preference:
|
||||
matchExpressions:
|
||||
- key: location
|
||||
operator: In
|
||||
values:
|
||||
- fsn
|
||||
containers:
|
||||
- name: kakigoori
|
||||
image: "git.remilia.ch/remilia/kakigoori:main"
|
||||
image: "git.prettysunflower.moe/prettysunflower/kakigoori:main"
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 8001
|
||||
@@ -44,8 +34,13 @@ spec:
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
- name: kakigoori-static
|
||||
image: "git.prettysunflower.moe/prettysunflower/kakigoori-static:main"
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 8002
|
||||
- name: anubis
|
||||
image: ghcr.io/techarohq/anubis:v1.20.0
|
||||
image: ghcr.io/techarohq/anubis:v1.21.3
|
||||
env:
|
||||
- name: "BIND"
|
||||
value: ":8080"
|
||||
@@ -100,4 +95,4 @@ spec:
|
||||
dnsPolicy: "None"
|
||||
dnsConfig:
|
||||
nameservers:
|
||||
- 100.96.226.96
|
||||
- 100.94.59.38
|
||||
15
apps/seija/kakigoori/local_settings.sops.py
Normal file
15
apps/seija/kakigoori/local_settings.sops.py
Normal file
@@ -0,0 +1,15 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:UMX8MYPO1RflZPKojuA9SilofYszsKxLgGp4ZzE220toa2/NSTSVmMSUfi8fN5hDpLjfzH4TvYOtkG3sMLeWqFOhcT39kJ0ZC0UuWoG6fOd2/AaWH3cRWpTB4YMyuSMzbP5yJzBs3KKXqMWV8dnuRBi6YBCYy0SpdM+AyFT98n9EaNcPOFRpmwNnwm06uJJK28y9t+jBGVo3GjX9ql8NxN7bYL19lsuX0rXY7HOXUODBsNrTcvFnk7VTc535my4ZY2i2eiBqGk09bDDXvTTlc5dvOB53YZF4Gfd2poNJ6It6/0ieQDtuR4QA5uViYbwkwlxgGpxukkG+zHiej0nyhahtkKB2JHjPCXQMwg3lVG5TzdGOXcm5irNNmb7PSrgRJ2Q8K1tVTvBT3VQG7bfoyDZk09m1dT3qJWBOD0qK/ccdHZ5zv1yttznSOP0m8bJ4WqwyrRQYKPZn+VDSgSKTknoGhKGWqZse7KP0A4+dhyAJ8ad1TsjzscblT5vZMutwwM/P7RMKndNJ9+4xK2rK19SjHtagYHosQk9lSxwRtd3GD6YvlIpmzwsQmsNyFoxSriwOuaKzjqYsMfs115lKwt9eB3lpxOEes0MwPzV2qpbFZ+btyFAxboJ3CDNYZFP3+DQA3JF5LKm9W5w2/GAuLxIunWX3aVwS8uoU1VvPMZO5An80xJ/WY+j7bwlQ9c7PKuWzyf+MY281eH0IGfkRolcCyx7zZY8v07OlcJl9mwvTGz/hCovW4Tm2sdMAyBSX9NWKp564KWxPod1dgqqD85JrGwKjEBWdvDXDuESDY4abupWOkFk1GIOKLj+eBE90NqRd7NocNz/n0JSZ4P2O4FTL6aXV5o/XXDiQqS68XvjR8rV1WJkF2XeykR4vb+2v29gUXs3RpizgZAfSxmCv4ElGOCnzEEy9P5Cl5tybAB6YZVfUKEg4vIW3IeDhXpcKDLqK/s7mjWCzoqSfRl06tv7Di8qhKhLJsXhaSSehXsK6tRrA8uavjvImbqqobhsyl9sU6b5uZJ+L3ZNAyuOfXhNpHAfhKHaoyVIKcjq3qVIGSWwOh1mUlFJ9igcEtcJa+Bpx77wlnz0Pa8SgW1Zy8syHqQTSlK6kk4eONtV5u/YiwwEN4V6ij5RWpFb5hU/EcEHH/6fm9wpheIKHA9AsBICoWbgkhLaP6l0dafUCHljdPKIMKgw=,iv:hPYe0IZTrbOgv4kx9AQBW2XQXSpkl1u2AiOfrBo6Qec=,tag:ZVa6dWQ9LisqE3t7HoDrYg==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxVE1kUVVMS2Y3alZ1emRK\nY2pFNy9YSkQxUk1JYVc5WlJydnViMTRvSVR3CnBzQVBkc0xtTjlWRDVWRmRpRVFj\nMFVCcmhSSmxja1hlcVliUzN4VG8ybkEKLS0tIE1Lb2F1cmtaOWdZeXdWTGx4am41\nekU2QmF4cUZ3NHBHSWVFQUl5dlpxV2cKno4+rzcGMYvrTWhmj0ujS3ZW39Obp5nq\nxTIWHPBRca/0SyR40qEPX9EN9pMcNq8xXhjZEHYK/EdVvugDUHPmJQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-08-01T15:14:39Z",
|
||||
"mac": "ENC[AES256_GCM,data:m0o7jv4cbncwms/0d9jTeFUy/pj0kGhloziaGAlRsV4rymoGOnEi3vhgnaQI5Os9BlDz0nEPIUtSFaI+mNDu47o6bQrE2/nW/wfKb4Dqn8T7MOOrVXEUNlPNzQeN5hcq/9seT0K7SUHjM6yP2z1GGB5/n1tHDN9s3h8LYjhZWEc=,iv:AwnGCn4BOYcfNrMZVfLtcKXOxSf7WaPsvhgq9jK2aMw=,tag:Iz48/U+GdmsrEITXyj4UWg==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.10.2"
|
||||
}
|
||||
}
|
||||
25
apps/seija/kakigoori/secrets.sops.yaml
Normal file
25
apps/seija/kakigoori/secrets.sops.yaml
Normal file
@@ -0,0 +1,25 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: anubis-kakigoori-key
|
||||
type: Opaque
|
||||
data:
|
||||
ED25519_PRIVATE_KEY_HEX: ENC[AES256_GCM,data:uCkxRql6P1SHVge7/dbDgIV23Z3B07StGFv8+kyRwLErFw0vTve84X7bRUmr02hE4YOjpl6jMpQAJ0Qo+imig2lD9s+WxjUiDX4J0sSmDKDilyzM5pv2Ag==,iv:W7AjPkQgoNvvftQY3VGTjLLPAg9ESyAYvc2y5BDZPes=,tag:Hv1HRIHSTlrYuqZ68kpExw==,type:str]
|
||||
stringData:
|
||||
THOTH_URL: ENC[AES256_GCM,data:AdmjabT+EqnQzYLj6P1ErHpSadpda71wbQc1gNFKRCJln3UH,iv:WEl/d7kQtZfyQnQM/whoo9+yDr56ooSuu1qbnw5ABog=,tag:lr/aIliV627dA6p4RE3A3Q==,type:str]
|
||||
THOTH_TOKEN: ENC[AES256_GCM,data:MeHglukM/Mo/ulrG/GHAtmeVq54XGbhQoTeCHVvjJu2hHz6KYswvLXUorXAMo50eTa8VO0B29nnmi5QJF1LWq3zvGtbEHhpfmlG6PUBc8YZo5SBk0qdHlNEfyPVbz8D3mOqYtkC8UlyISqXm0UG83PCI8AfVXtkS0xNK0c5C9F5Dv5mF3ySPeL4g8/DLWbj6zSIzxOD++BKcCwSZzSPD/4msWtbMa4SI7uX6hzSj9XU5SB3Tcklf5DcqNQMEU+mreJqkwpnHNgTHAuvBcKZGCdE5jKLP45oNDUknLUDO7TN31frpx3a4lfQiWF4wfEzeGHrVZC49VP7W5TaB4PMSMKNR9SL0VfKwn4X7ywPcd6DV3FnuAhDDHdhqy3inxAvn9Nx1ITfxQMplS6N/pmvQ4vNZIBETQqLTMJ4=,iv:7SRhXtQxiazK3qBIC7sNISF9TB9TNZsvJnl4uwzADkY=,tag:kIXHV1XzvsAB78T5z24WVg==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrSXozUmU2U1p1dmNid3VC
|
||||
dEl4NUR2K3VrY0phMm1FVXliRnVMTExPK1hNCmtLK3RTeks2WVhnczZGTE9JVmUv
|
||||
NUdyYVVQSnoyUFBKenUxVW9UYWhlMFUKLS0tICtsTUxIK1A1cUZ0R3NNZXVjN3JJ
|
||||
eGRzK2w4Nmx2aTk4RkI0c1Vwa05XUEkK5jyp5D6GNWcy6RhYVzQSWJWFTENEXwCW
|
||||
ZtpqO/mm3zJHgGv0FKmGbhi3OoADmmjAa6Y0tOBVVmSVac879NngSg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-01T15:14:39Z"
|
||||
mac: ENC[AES256_GCM,data:QTxxC7EjdjCtCPQr4ZrmmbO9zDMJqiDLgE4tKTN4Ig4fUp7bmSLe4J9vML04MksacsEeHxPGv8Z6Quf1ttfX9pUrlJOdiWuCG3jy0zdTEREQMBA6kbfzzNOFKGXCHzaf8StUoj2PVxezt9cM620+aXQzmr2am/vk5Y1YuBD9R80=,iv:7HS2urA8KfzjcvsZgB0+WwdeYsMn0LNjgfdZjmgZY3E=,tag:estlPMPPYVtugZzqqNVyiQ==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.10.2
|
||||
@@ -14,4 +14,8 @@ spec:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: 8080
|
||||
name: anubis
|
||||
name: anubis
|
||||
- protocol: TCP
|
||||
port: 8002
|
||||
targetPort: 8002
|
||||
name: static
|
||||
22
apps/seija/mazanoke/deployment.yaml
Normal file
22
apps/seija/mazanoke/deployment.yaml
Normal file
@@ -0,0 +1,22 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: mazanoke
|
||||
labels:
|
||||
app.kubernetes.io/name: mazanoke
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: mazanoke
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: mazanoke
|
||||
spec:
|
||||
containers:
|
||||
- name: mazanoke
|
||||
image: ghcr.io/civilblur/mazanoke:v1.1.5
|
||||
ports:
|
||||
- containerPort: 80
|
||||
name: http
|
||||
3
apps/seija/mazanoke/kustomization.yaml
Normal file
3
apps/seija/mazanoke/kustomization.yaml
Normal file
@@ -0,0 +1,3 @@
|
||||
resources:
|
||||
- deployment.yaml
|
||||
- svc.yaml
|
||||
12
apps/seija/mazanoke/svc.yaml
Normal file
12
apps/seija/mazanoke/svc.yaml
Normal file
@@ -0,0 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: mazanoke
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app.kubernetes.io/name: mazanoke
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: http
|
||||
108
apps/seija/ourfigurecollection/deployment.yaml
Normal file
108
apps/seija/ourfigurecollection/deployment.yaml
Normal file
@@ -0,0 +1,108 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: ourfigurecollection
|
||||
labels:
|
||||
app.kubernetes.io/name: ourfigurecollection
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: ourfigurecollection
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ourfigurecollection
|
||||
spec:
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 1
|
||||
preference:
|
||||
matchExpressions:
|
||||
- key: location
|
||||
operator: In
|
||||
values:
|
||||
- fsn
|
||||
containers:
|
||||
- name: ourfigurecollection-django
|
||||
image: "git.prettysunflower.moe/prettysunflower/ourfigurecollection:main"
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 8001
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /ourfigurecollection/ourfigurecollection/local_settings.py
|
||||
subPath: local_settings.py
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
- name: ourfigurecollection-static
|
||||
image: "git.prettysunflower.moe/prettysunflower/ourfigurecollection-static:main"
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 8002
|
||||
- name: anubis
|
||||
image: ghcr.io/techarohq/anubis:v1.21.3
|
||||
env:
|
||||
- name: "BIND"
|
||||
value: ":8080"
|
||||
- name: "DIFFICULTY"
|
||||
value: "4"
|
||||
- name: ED25519_PRIVATE_KEY_HEX
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: anubis-ourfigurecollection-key
|
||||
key: ED25519_PRIVATE_KEY_HEX
|
||||
- name: "THOTH_URL"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: anubis-ourfigurecollection-key
|
||||
key: THOTH_URL
|
||||
- name: "THOTH_TOKEN"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: anubis-ourfigurecollection-key
|
||||
key: THOTH_TOKEN
|
||||
- name: "METRICS_BIND"
|
||||
value: ":9090"
|
||||
- name: "SERVE_ROBOTS_TXT"
|
||||
value: "true"
|
||||
- name: "TARGET"
|
||||
value: "http://localhost:8001"
|
||||
- name: "OG_PASSTHROUGH"
|
||||
value: "true"
|
||||
- name: "OG_EXPIRY_TIME"
|
||||
value: "24h"
|
||||
resources:
|
||||
limits:
|
||||
cpu: 750m
|
||||
memory: 256Mi
|
||||
requests:
|
||||
cpu: 250m
|
||||
memory: 256Mi
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
volumes:
|
||||
- name: config
|
||||
configMap:
|
||||
name: ourfigurecollection-config
|
||||
dnsPolicy: "None"
|
||||
dnsConfig:
|
||||
nameservers:
|
||||
- 100.94.59.38
|
||||
8
apps/seija/ourfigurecollection/kustomization.yaml
Normal file
8
apps/seija/ourfigurecollection/kustomization.yaml
Normal file
@@ -0,0 +1,8 @@
|
||||
resources:
|
||||
- deployment.yaml
|
||||
- svc.yaml
|
||||
- secrets.yaml
|
||||
configMapGenerator:
|
||||
- name: ourfigurecollection-config
|
||||
files:
|
||||
- local_settings.py
|
||||
35
apps/seija/ourfigurecollection/local_settings.py
Normal file
35
apps/seija/ourfigurecollection/local_settings.py
Normal file
@@ -0,0 +1,35 @@
|
||||
DATABASES = {
|
||||
"default": {
|
||||
"ENGINE": "django.db.backends.postgresql",
|
||||
"NAME": "ourfigurecollection",
|
||||
"USER": "ourfigurecollection",
|
||||
"PASSWORD": "xxHWl#d$FoYZ54",
|
||||
"HOST": "100.85.208.69",
|
||||
"PORT": "5432",
|
||||
}
|
||||
}
|
||||
|
||||
import sentry_sdk
|
||||
|
||||
ALLOWED_HOSTS = ["ourfigurecollection.moe"]
|
||||
DEBUG = False
|
||||
KAKIGOORI_API_KEY = "63586938-dd4b-4e01-a48a-6344e0bc226b"
|
||||
OIDC_CLIENT_ID = "749bcfb1-ee32-4c79-85b5-92062d7192b3"
|
||||
OIDC_CLIENT_SECRET = "dEhOJ6pvfy3d95Cx7kMq0SHBEgb6romd"
|
||||
OIDC_DISCOVERY_URL = "https://auth.remilia.ch/.well-known/openid-configuration"
|
||||
|
||||
sentry_sdk.init(
|
||||
dsn="https://62638433153873bc2395021d22e96972@o134957.ingest.us.sentry.io/4508270934360064",
|
||||
# Add data like request headers and IP for users;
|
||||
# see https://docs.sentry.io/platforms/python/data-management/data-collected/ for more info
|
||||
send_default_pii=True,
|
||||
# Set traces_sample_rate to 1.0 to capture 100%
|
||||
# of transactions for tracing.
|
||||
traces_sample_rate=1.0,
|
||||
# To collect profiles for all profile sessions,
|
||||
# set `profile_session_sample_rate` to 1.0.
|
||||
profile_session_sample_rate=1.0,
|
||||
# Profiles will be automatically collected while
|
||||
# there is an active span.
|
||||
profile_lifecycle="trace",
|
||||
)
|
||||
15
apps/seija/ourfigurecollection/local_settings.sops.py
Normal file
15
apps/seija/ourfigurecollection/local_settings.sops.py
Normal file
@@ -0,0 +1,15 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:hiXe9M5GtP3JRe6wDtssYIWWNUZikQPZ9G0Fg1z14SBYGl/aj90jyPHagq17Li7sggmCiOz+7KoAZU6KIZskli6VAl1o1bAZ2VvA8tSZECZSeMWH4e2CUth4UJcO/WXY9/mB7RK7MurduljdZ63VRCXNLoLQiVHEd9gZUi1FrPzCs61RDBmnX4L+YyyDbDOCdHrPFlZZfAdXNR2dfmF5RqS2VI0tfLYp5Mj3pgGkdPN2WfnurOIc1BZd5qeEAan5tk7ihheFCWKSXd5S79jktOpTnj3IDXJuUmwyXTZlr7vCS0DG0NBt8fYhoJit2/8cqdExBPWrgZSF8UHpykzy3rNAM+x2ZTzThGjgP7r4+xyFMxib6ftZ45HKTCbXTHxr3R1V69X59f2lmRcawhhbwaab6Hm5mWkc1YvguUTA1aTZI8nXoDI86t+Mpr/6ANtye95IKuipf9E1UKd69ixqKJDLIWHq3ACYRfSWIj6RVxdnuKD33toFuqCxQDtp30MRx0n7Dt0JOzd7hSUSSHJVKG22nDfgbJuh+WpjJYg4WP+DeAVpze5mvBO7zzccgsmdsSRbgvQnMQg4xARgudPHx/EYjjOkE/wUgG6hBOWieYf+IAqyUok3A8uKFNfo+OGP1Z6CMv5pAXpYUHTqdP4IIZADrfYbcP1IngP8Jrp0QNXWcbpd7YZ8Nvn1ZlKfH2N6wPfbRy0rgvahLyyI1Y+U58ST0YApD9Q8c2+2f/bUHSrakmN0XupiWNcD6qXrkH0hIUOSjf7xt/0whMegy2grjWq//z3TMX1EMDkBU2IPhf4SfKJAQ06BXKXlgk0YYWNKDpgKN/JSpl12LdFrCEb2itmGaWcr1tQIuL8lru4itio5RnOv8aWFEsEST7IBpe0VSZd6lQj0TlR2NlmQGAwHpWNK1wZIi6LNOJ+83im8iJPt02ftkkAhd+cnehBrJ7z2C2/AUydZmRtetpx73cUMbSxgBhTyRadX7CAeX9QjKKQdPtFJBPVrzk1IeLQMMQ7G6ZSFLMoEYRLwYUGfd2hk6ByYWOV1FwsTBomnGepvmU4w4IoqXoCc93JEXtfN6088u4yhoV59a4gh2fYLuO2+Wj9/Yq5Lf8caGlBUQV7jxADIqNJy6uUVuClyTFvM0EmtsLOv/8V+IZDYyXkUnNBRKWgxFpw2uSrXu565P7M7fi6UbwVIcw3iT3ZnE5/VvTpg1uApXm4HAYtcggquHSAoQUIvgdm0bk2ziWvobd+k75AHDLiwzNoYbmWot8nUbBonj9wQP9ZU6emVOHmXpicYZtTSrBo19AP9C5rHcUrHEn7hsZjnI87xpH+hm+7mhuw1ABazejB/cJUUCgD2Hyl7xzCyYrJgCJMMvdqsTyeMd8/GOuMsCHNmzQ12qiZIhJ2quwgjN7CX6njMZfDxfT6gsRdSXf7QzyiDwJzgyxBUZmU/zTf3c6bJwIoboER4tj+f2u9N96sn95Vl3s/0Dpk+heoyPW/vTAecn+xG8nc+diy7HMKV/5A4kC9D6PCyOJY2urdpORV+lE+ZtSKnoG4E5s1cM/1WS5RwPFoQ4vow/ak19EEJ+EM8kUEiV6wqVf3luRtX7o7EmyhJnf6JpPqimp302RVrN8T++Liax/lG2qoI9DrKwxQ7+Fn0t09pEt+YT4xY9A==,iv:q5fwz79dUVNACKMumBSOXxERaZEe8iKVWoH5KtY7Gt4=,tag:S4FuGdwqVBiBYjiXsSZS4g==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwZUo4ajYwM0FPaERucHp5\nNzZ4YnFyWGk3bVJJMERHN3R0L01DK240RDE4CnF3Vm5YOExGR0Q2Y0dVbnJLY1dE\nZWp3YzdOVSs5MzJGamhOMnQ5aGxxOGcKLS0tIGdNOWs4M1JOSHF6UGNqcGhjSDU1\nM29mV2NqdXdYbFhOcUVJdkNQaTdFZjAK8Ar6uNmqILAY0vKLAKWz22UlK+rtq+RY\nfwWmH214H7NpH14oVo12QBaxmCmBGViZ3nqZOfUjPuyj4+XH2h/mPw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-08-01T15:14:39Z",
|
||||
"mac": "ENC[AES256_GCM,data:/zCBKvWg7tZ1EcWfzJz6OHgc1ivwhwe2RXk2C8MtXVunux+5iBIvuPhXjvzk8HM69OIORUO6BONhSndoke22OnTyCNcKthZDB4nUNjnYhRANvY9AF40FaGgtFBp0JlSw9JmdMroYG5h3RVpR4elageAXQ5+MFjYfEgrzu5/WM44=,iv:QAbOb3DxEhNJsc7v3XTSRESHWuo8AKxoVGc6VtPH7fM=,tag:4OHRkdKSuOgLOwlsnXQA1g==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.10.2"
|
||||
}
|
||||
}
|
||||
24
apps/seija/ourfigurecollection/secrets.sops.yaml
Normal file
24
apps/seija/ourfigurecollection/secrets.sops.yaml
Normal file
@@ -0,0 +1,24 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: anubis-ourfigurecollection-key
|
||||
type: Opaque
|
||||
stringData:
|
||||
ED25519_PRIVATE_KEY_HEX: ENC[AES256_GCM,data:GwzcwBDoqpRFTDb3a8EfXA7s4PbP/8fRAhAquZ4UqF0KfxYLC+LINrbC2QZBw9GJ+dmBhrcQdhOQTs/xjqKgZA==,iv:jpoaxCcFzMLvp4ufHp/gSAOcdyY5wFPFijJutiKCYyw=,tag:Jrr+mGqbrVOMU9T/KifMTg==,type:str]
|
||||
THOTH_URL: ENC[AES256_GCM,data:vunzJyjSlABbt7gDu6bdeFrcbMs0zUC8RalMwRZaQS5pjC7G,iv:i3SPt8UvVGfOrtW52zWbf0JvxWb2EHElx2bS+HRgVBk=,tag:QtRQ1CMJlwvGO5R0JDq3+A==,type:str]
|
||||
THOTH_TOKEN: ENC[AES256_GCM,data:9NBsVhUknOKhAzWrU0NnNcZSi7irbyap/DmGrMrXHKfkRfsZW6NG2WHNGMxBBGYKtUGRD2ll1c4xpIjWKnFYqjwZrXiVfyUxrRfiv9N14DPQ1ZXWFkq8EwYf8zS9FmTwaNP0IWGDiWHRHE8dTFvGlBJsAypHKowpvHd/n/zlsezTw7fuOt4x6qCFj3CNfa9Pppnrw1YOvW2yeg++xRrgLPu4bZjgiO8CO/NFyoeRaQrK2HRxWN/dHf/L4dzBD41V3qEiqRnhkIl5OzHIXpV4kwN9bb+cfHX927YynYcEUGO+Rp/WaXULBkYLtR0oTpDm+tcLG249/yIRqv8PIpwA5wtdyQ0hrIYAkqWUMXClWfQ9AZyEjI88q09gL/AkeQZm86yIBgXgTV3YrFaVYL8HlUzEXyNn+N6MWBY=,iv:puVjeU3m1+XRtPuuVlLpWtNXlPRFvqgHERdolyAznFw=,tag:rglI0v6KsiVeB8KSAXf0kA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPaEhoSDNGb01DbU1rLzRu
|
||||
TFZXYmFpUmtCampEaXhOdFFhWERNcHM1QzB3Ckd3MTFRVGc2RkdjWWZSL25iUkhl
|
||||
cHRvYUZJMTgvR1o5ZW1CTlJVVExGdXMKLS0tIGo2WFpFTTdLQXQvRFA2bzZWRFdJ
|
||||
Q21NczVzUURFMHpKYzFIRU1zSk9GUkUKhWZxxQiwmfDaH3V/LMJMaD8RXTLqyA0s
|
||||
/p7Mlo+bPuJspHmwRrE7+PwhlI+7Ms7QoFb8w4rYCJYxuPt4zjbaZg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-01T15:14:39Z"
|
||||
mac: ENC[AES256_GCM,data:ybKM7h8qU/tiiDKK5FUhI+vb9ooXcVE95WAZEjer7dSr29bjtKOMDsPykd0Kkd/qaauhXAE0PDveTqF1kLekRDZ0Iz+zuso6jbszTI1SUNtr4KlKwAnHMy0bBlwz0eCZh0xSwRkuGQIhcEuxnEBhnxUYnoRYEgfg5wCyv5BsG2c=,iv:eyOvXE1NHwf3aWBaDdfGjEoWkHOygH4hbbjEEPnOYrA=,tag:8sQKcaD3xFE40MBFQOUF6w==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.10.2
|
||||
21
apps/seija/ourfigurecollection/svc.yaml
Normal file
21
apps/seija/ourfigurecollection/svc.yaml
Normal file
@@ -0,0 +1,21 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: ourfigurecollection
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app.kubernetes.io/name: ourfigurecollection
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 8001
|
||||
targetPort: 8001
|
||||
name: ourfigurecollection
|
||||
- protocol: TCP
|
||||
port: 8002
|
||||
targetPort: 8002
|
||||
name: ourfigurecollection-static
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: 8080
|
||||
name: anubis
|
||||
@@ -20,7 +20,7 @@ spec:
|
||||
claimName: pocketid-pvc
|
||||
containers:
|
||||
- name: pocketid
|
||||
image: ghcr.io/pocket-id/pocket-id:v1.6.2-distroless
|
||||
image: ghcr.io/pocket-id/pocket-id:v1.6.4-distroless
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 1411
|
||||
@@ -7,5 +7,5 @@ spec:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
storageClassName: seaweedfs-storage
|
||||
storage: 1Gi
|
||||
storageClassName: hcloud-volumes
|
||||
@@ -2,11 +2,10 @@ apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: prettysunflower-website
|
||||
namespace: prettysunflower-website
|
||||
labels:
|
||||
app.kubernetes.io/name: prettysunflower-website
|
||||
spec:
|
||||
replicas: 3
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: prettysunflower-website
|
||||
@@ -30,7 +29,7 @@ spec:
|
||||
ports:
|
||||
- containerPort: 8001
|
||||
- name: anubis
|
||||
image: ghcr.io/techarohq/anubis:latest
|
||||
image: ghcr.io/techarohq/anubis:v1.21.3
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: "BIND"
|
||||
@@ -40,18 +39,28 @@ spec:
|
||||
- name: ED25519_PRIVATE_KEY_HEX
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: anubis-key
|
||||
name: anubis-prettysunflower-website-key
|
||||
key: ED25519_PRIVATE_KEY_HEX
|
||||
- name: "METRICS_BIND"
|
||||
value: ":9090"
|
||||
- name: "SERVE_ROBOTS_TXT"
|
||||
value: "true"
|
||||
value: "false"
|
||||
- name: "TARGET"
|
||||
value: "http://localhost:3334"
|
||||
- name: "OG_PASSTHROUGH"
|
||||
value: "true"
|
||||
- name: "OG_EXPIRY_TIME"
|
||||
value: "24h"
|
||||
- name: "THOTH_URL"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: anubis-prettysunflower-website-key
|
||||
key: THOTH_URL
|
||||
- name: "THOTH_TOKEN"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: anubis-prettysunflower-website-key
|
||||
key: THOTH_TOKEN
|
||||
resources:
|
||||
limits:
|
||||
cpu: 750m
|
||||
@@ -68,4 +77,8 @@ spec:
|
||||
drop:
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
type: RuntimeDefault
|
||||
dnsPolicy: "ClusterFirst"
|
||||
dnsConfig:
|
||||
nameservers:
|
||||
- 100.94.59.38
|
||||
@@ -1,5 +1,4 @@
|
||||
resources:
|
||||
- deployment.yaml
|
||||
- services.yaml
|
||||
- secrets.yaml
|
||||
- namespace.yaml
|
||||
- secrets.yaml
|
||||
48
apps/seija/prettysunflower-website/secrets.sops.yaml
Normal file
48
apps/seija/prettysunflower-website/secrets.sops.yaml
Normal file
@@ -0,0 +1,48 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: prettysunflower-website-secret
|
||||
type: Opaque
|
||||
data:
|
||||
GOOGLE_API_KEY: ENC[AES256_GCM,data:1uT8yL5qURx0AebaHsES+aFDFlkTJvw5ZTulaE5qvM4hX0jKBUliS6eRaNfhBv61OhwrVg==,iv:qXA7RqB6kNAwFypgw6L7I/tw/sDv6KWocoIl7aL0p7U=,tag:E6riohbDajSBBD4Idfr4Ww==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNXYzZko0alNNbzFjOGFx
|
||||
QjlzaFpDUEZTVTFERTllWEpod0tJQmRSa0NrClJOZklwWVVxbFNCUGNkZXZZNXlq
|
||||
dkxlbDdLcVBkeW5kOG1uTkRoSVAvdzgKLS0tIHEweEhQTzJjeGZaV0haM3FNWERj
|
||||
Ly9kK1M5d2ZxZW54b3g3UFRwbU1lRWcKe+Py0wqoVpFlz0xfppqkt3mjImETjHIC
|
||||
j7sgaS7A4LuoZzz2o1EHPMNX/p52dbvALuHl8rGDPws8KYXSlBdSkw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-01T15:14:39Z"
|
||||
mac: ENC[AES256_GCM,data:g2s45a8iYu4XmaM9uP5RNTw6zGGoX5XeNInUhahW+wT18nTtV5PgArc1GhoT5qBnH7Sxqj9vH5Acxpkm3tDW3JtnUpP5kzsWLb1fnREvDaPuLtuDJPmg9AB/e3jFqmlBP7dPQS7lyDjr/vEt9ZbBTLJYyyYU23nIQ7Ud/xQAkGc=,iv:orx6TxfqjARJSqYfapCTDL7Gzzh03f7iUgszASrLG+w=,tag:F/ATF2hS9RDFdz42DGmtgw==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.10.2
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: anubis-prettysunflower-website-key
|
||||
type: Opaque
|
||||
data:
|
||||
ED25519_PRIVATE_KEY_HEX: ENC[AES256_GCM,data:thZ1Sr1m/+v2Jpx3iQJdVGzQb3UGzNhK4NDfD9VAjilqjJPezUrTWWHBGB3FIWBU3zpDhKrHiIsRXCAZMT0KiZp7gQoxhZo8/hQ0qhqEMLz0bVmJl5u1Yg==,iv:WLczR4XmlSYuX4fSPDO0E/FXBtJg7pQ2LpTerKo7CtM=,tag:x1j7+GEK4ZqqXiGcxP2qlA==,type:str]
|
||||
stringData:
|
||||
THOTH_URL: ENC[AES256_GCM,data:EMIUHi9+iVvBn+7AUnEqf70+lDUoRv4Z5kKhdyS9+EXPlXvd,iv:2IfNBYZZTJY9JNIUDJV2DowhYJ948eMFZlJVn+C3lzs=,tag:D+rVsMrLANnqGdLcH6suGA==,type:str]
|
||||
THOTH_TOKEN: ENC[AES256_GCM,data:I0p+265aa0mXMDQBNR8x2pXZOeyj/dy2W7J94qMGMD61S+ZxGHSgEx2V3LwsE6gRE3Na7rxmi2euNRq12bElZpfO1A2Tp/R9k9BRSxgDFB6K24nefczanP6e86lRcJbYwGWkiSFAj7MHvKCEsJLkUMgVOKnkOzd5L2RBCdffy7X+CK4u/YhxzYbsjHzQCNvZRsYu4Lw09oaCbOWmufriIzWBTtrJIh9r6bXetl2S6qvExPGFHAYnwiKXfWU3jYRAI1eb6TkrOGNbw9k0jfQhcTJ7y+y244FzKjsIrWd6O/vlnjnQOgcSMSqHOnuCvq7ieHylbsAki9PIN4ggpSMm4EXOFbbfanOu3evnaa6dCfN4Gbh05BO+zpP/xHJfhdNZPQX2dFoEbn9BqR1rwKeRHLANLckDaSc0T+c=,iv:aYwFsHukdQb7fiRRshaVLBWXDkxQTzMpgp5cPMa4NlQ=,tag:CqoHqoEydqLFOjOKNhlNyA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNXYzZko0alNNbzFjOGFx
|
||||
QjlzaFpDUEZTVTFERTllWEpod0tJQmRSa0NrClJOZklwWVVxbFNCUGNkZXZZNXlq
|
||||
dkxlbDdLcVBkeW5kOG1uTkRoSVAvdzgKLS0tIHEweEhQTzJjeGZaV0haM3FNWERj
|
||||
Ly9kK1M5d2ZxZW54b3g3UFRwbU1lRWcKe+Py0wqoVpFlz0xfppqkt3mjImETjHIC
|
||||
j7sgaS7A4LuoZzz2o1EHPMNX/p52dbvALuHl8rGDPws8KYXSlBdSkw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-01T15:14:39Z"
|
||||
mac: ENC[AES256_GCM,data:g2s45a8iYu4XmaM9uP5RNTw6zGGoX5XeNInUhahW+wT18nTtV5PgArc1GhoT5qBnH7Sxqj9vH5Acxpkm3tDW3JtnUpP5kzsWLb1fnREvDaPuLtuDJPmg9AB/e3jFqmlBP7dPQS7lyDjr/vEt9ZbBTLJYyyYU23nIQ7Ud/xQAkGc=,iv:orx6TxfqjARJSqYfapCTDL7Gzzh03f7iUgszASrLG+w=,tag:F/ATF2hS9RDFdz42DGmtgw==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.10.2
|
||||
17
apps/seija/prettysunflower-website/services.yaml
Normal file
17
apps/seija/prettysunflower-website/services.yaml
Normal file
@@ -0,0 +1,17 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: prettysunflower-website
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app.kubernetes.io/name: prettysunflower-website
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: 8080
|
||||
name: anubis
|
||||
- protocol: TCP
|
||||
port: 8001
|
||||
targetPort: 8001
|
||||
name: website-static
|
||||
@@ -5,7 +5,7 @@ metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: privatebin
|
||||
spec:
|
||||
replicas: 2
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: privatebin
|
||||
@@ -19,7 +19,7 @@ spec:
|
||||
persistentVolumeClaim:
|
||||
claimName: privatebin-data-pvc
|
||||
containers:
|
||||
- image: privatebin/nginx-fpm-alpine:1.7.8
|
||||
- image: privatebin/nginx-fpm-alpine:2.0.0
|
||||
name: privatebin
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
@@ -39,7 +39,7 @@ spec:
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
- name: anubis
|
||||
image: ghcr.io/techarohq/anubis:v1.20.0
|
||||
image: ghcr.io/techarohq/anubis:v1.21.3
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: "BIND"
|
||||
@@ -9,4 +9,4 @@ spec:
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
storageClassName: seaweedfs-storage
|
||||
storageClassName: hcloud-volumes
|
||||
22
apps/seija/privatebin/secrets.sops.yaml
Normal file
22
apps/seija/privatebin/secrets.sops.yaml
Normal file
@@ -0,0 +1,22 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: anubis-key
|
||||
type: Opaque
|
||||
data:
|
||||
ED25519_PRIVATE_KEY_HEX: ENC[AES256_GCM,data:q3PMIrTi5TldN4oF/2wNnEwWdq68WBv9kZ3mtDjmFH/hkRLZO+Y1ZLvG0dmZgMm7k5Tvbbjf6pBKe9ox47TPhESK6Qz1gxl2hACsJ6cAycE9mga7x+9z/Q==,iv:+wHNRoBUmFZLs+HC9aShBN8S6we1lm0x1ZaCr6r2UjI=,tag:M2xu08kbDxSbo56FMDjwGw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiTXJRakl6SkZhUjBPZ2Vl
|
||||
T1JiRWdVeVBaTkJyM1FPMVRJMitxcWE1elc4CkhJWTE1dld1b1B6UW5ma1ZKUUx6
|
||||
OFpSOVlLTmlmckZhY3UzWWNvQWwzeTAKLS0tIE81VDErQ1ZJS0c4eUdRdWVtK0VN
|
||||
S1c5c2xWOEFRUmJIUEEzMVJySGw0TU0KtYdoI8VCOXii18w01y/hoH2PI0TWrhmj
|
||||
jbI9zCNklJj14BWd2nKaE68DZDfRkFFNWWJn/DW63i3913WvYL8Rrw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-01T15:14:39Z"
|
||||
mac: ENC[AES256_GCM,data:wi5IaZU1WDUbzD3bcMETjad1En1e4fBBVGytK+IxmbwacpYYbRoRSvlnNMp/0ydwtZ7e0kUJRGqyYv7B9xuwxy3PVVnaYi4ecrP+Mjf4REp2zYWP88XcqgIsNKI1buXi4DCBzmL1L9o1nuuq8zTAkxwORcp/UYzzs4xYl+nHiiA=,iv:FB2FvdEFXETI9w8uCt3FzEMI+C4cYdYH82feo31aRa0=,tag:CgwnkAcBoislS0C+BBMduQ==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.10.2
|
||||
@@ -5,7 +5,7 @@ metadata:
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: s3yuyuko
|
||||
storageClassName: hcloud-volumes
|
||||
resources:
|
||||
requests:
|
||||
storage: 3Gi
|
||||
storage: 3Gi
|
||||
@@ -8,4 +8,4 @@ spec:
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
storageClassName: seaweedfs-storage
|
||||
storageClassName: hcloud-volumes
|
||||
@@ -1,7 +1,7 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: znc-service
|
||||
name: znc
|
||||
spec:
|
||||
type: NodePort
|
||||
selector:
|
||||
@@ -10,10 +10,8 @@ spec:
|
||||
- protocol: TCP
|
||||
port: 4921
|
||||
targetPort: 4921
|
||||
nodePort: 30004
|
||||
name: https
|
||||
- protocol: TCP
|
||||
port: 4922
|
||||
targetPort: 4922
|
||||
nodePort: 30008
|
||||
name: http
|
||||
12
apps/sekibanki/etherpad/configmap.yaml
Normal file
12
apps/sekibanki/etherpad/configmap.yaml
Normal file
@@ -0,0 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: etherpad-config
|
||||
data:
|
||||
TITLE: "🌻 Etherpad"
|
||||
DEFAULT_PAD_TEXT: "Welcome to Etherpad! This pad text is provided by the prettysunflower collective, and is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents! Get involved with Etherpad at https://etherpad.org"
|
||||
DB_TYPE: "postgres"
|
||||
DB_HOST: "100.110.40.2"
|
||||
DB_PORT: "5432"
|
||||
TRUST_PROXY: "true"
|
||||
AUTOMATIC_RECONNECTION_TIMEOUT: "5"
|
||||
48
apps/sekibanki/etherpad/deployment.yaml
Normal file
48
apps/sekibanki/etherpad/deployment.yaml
Normal file
@@ -0,0 +1,48 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: etherpad
|
||||
labels:
|
||||
app.kubernetes.io/name: etherpad
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: etherpad
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: etherpad
|
||||
spec:
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 1
|
||||
preference:
|
||||
matchExpressions:
|
||||
- key: location
|
||||
operator: In
|
||||
values:
|
||||
- fsn
|
||||
containers:
|
||||
- name: etherpad
|
||||
image: etherpad/etherpad:2.3.2
|
||||
ports:
|
||||
- containerPort: 9001
|
||||
name: http
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: etherpad-config
|
||||
- secretRef:
|
||||
name: etherpad-secrets
|
||||
volumeMounts:
|
||||
- name: etherpad-images
|
||||
mountPath: /opt/etherpad-lite/src/static/skins/colibris/images
|
||||
dnsPolicy: "None"
|
||||
dnsConfig:
|
||||
nameservers:
|
||||
- 100.94.59.38
|
||||
volumes:
|
||||
- name: etherpad-images
|
||||
persistentVolumeClaim:
|
||||
claimName: etherpad-images-pvc
|
||||
BIN
apps/sekibanki/etherpad/fond.jpg
Normal file
BIN
apps/sekibanki/etherpad/fond.jpg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 382 KiB |
6
apps/sekibanki/etherpad/kustomization.yaml
Normal file
6
apps/sekibanki/etherpad/kustomization.yaml
Normal file
@@ -0,0 +1,6 @@
|
||||
resources:
|
||||
- deployment.yaml
|
||||
- configmap.yaml
|
||||
- secrets.yaml
|
||||
- svc.yaml
|
||||
- pvc.yaml
|
||||
12
apps/sekibanki/etherpad/pvc.yaml
Normal file
12
apps/sekibanki/etherpad/pvc.yaml
Normal file
@@ -0,0 +1,12 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: etherpad-images-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: 256M
|
||||
storageClassName: nfs-csi
|
||||
23
apps/sekibanki/etherpad/secrets.sops.yaml
Normal file
23
apps/sekibanki/etherpad/secrets.sops.yaml
Normal file
@@ -0,0 +1,23 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: etherpad-secrets
|
||||
type: Opaque
|
||||
stringData:
|
||||
DB_USER: ENC[AES256_GCM,data:7WsYKis9VNc=,iv:aRg6zjaV+VEs1ARvUae9UoJmpdskJGqHfoBj26gwVuM=,tag:Q4xcgsGll21P+3N6Dl4QQw==,type:str]
|
||||
DB_PASS: ENC[AES256_GCM,data:6E8red1AoGSil76y/qA=,iv:62onFPPixTNud6f3BSJfs5Ngg6ssniWSjrrs/jP2EgQ=,tag:xHZijllAXM6p/fD/X07AhA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDUVF5eC9tcllZWnZXeHRJ
|
||||
QXUxTVJRWFluT290UXZuZXNNTWhzMlNaUTBFCkJ4SXU2bEhRRnpUcWhvT0ZzWEhm
|
||||
VDhZY0MvUTNFWVRORnhYQzZNRTJyVTAKLS0tIDdiZy9lZ0dkaEdML3FiYTU0ak1B
|
||||
YVdaRTFyMHZGeW9kQ2h0dGhUREpvYlkK6SIwcPJ1X00LswwraYjOmT4gMM99nbOR
|
||||
+T6/mnRXOs3uaxw5eiYNePtSmFHtj20kCvcMiMMlSaON065IRCAlyQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-01T15:14:39Z"
|
||||
mac: ENC[AES256_GCM,data:erEGQThfM/YmohwdCVui5j4RBwX8VARho/dbrH23GJaYLyZ4NzikmFJssQ2i/CAKER7vpWi+E0naX9wGGV1ZnxrIZ1zV4tobW9ByLGK13YZy+cN2g/UevDg1gmeGM2V0E+K0KjfNxEjzorec1hZak/pd1pZmC809p/NArcgOgrQ=,iv:l5Z7MhearEXLuJvq5LzwYfaojYT6syfJmsgRqvUwkM0=,tag:l25WLY7GW8Cma6o0sg+Oxg==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.10.2
|
||||
12
apps/sekibanki/etherpad/svc.yaml
Normal file
12
apps/sekibanki/etherpad/svc.yaml
Normal file
@@ -0,0 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: etherpad
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app.kubernetes.io/name: etherpad
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: http
|
||||
@@ -13,7 +13,7 @@ data:
|
||||
GITEA__server__STATIC_ROOT_PATH: /usr/share/webapps/gitea
|
||||
GITEA__server__APP_DATA_PATH: /var/lib/gitea/data
|
||||
GITEA__server__LFS_START_SERVER: "true"
|
||||
GITEA__server__SSH_DOMAIN: git.default.svc.yakumo.prettysunflower.moe
|
||||
GITEA__server__SSH_DOMAIN: git.default.svc.sekibanki.prettysunflower.moe
|
||||
GITEA__server__DOMAIN: git.prettysunflower.moe
|
||||
GITEA__server__HTTP_PORT: "3000"
|
||||
GITEA__server__ROOT_URL: https://git.prettysunflower.moe/
|
||||
@@ -23,7 +23,7 @@ data:
|
||||
GITEA__server__PUBLIC_URL_DETECTION: auto
|
||||
GITEA__database__DB_TYPE: postgres
|
||||
GITEA__database__SSL_MODE: disable
|
||||
GITEA__database__HOST: 100.75.132.10:5432
|
||||
GITEA__database__HOST: 100.110.40.2:5432
|
||||
GITEA__database__NAME: gitea
|
||||
GITEA__database__SCHEMA: public
|
||||
GITEA__database__LOG_SQL: "false"
|
||||
@@ -61,4 +61,4 @@ data:
|
||||
GITEA__security__PASSWORD_HASH_ALGO: argon2
|
||||
GITEA__cache__ADAPTER: redis
|
||||
GITEA__cache__HOST: redis://127.0.0.1:6379/0
|
||||
GITEA__cache_0X2E_last_commit__COMMITS_COUNT: "1"
|
||||
GITEA__cache_0X2E_last_commit__COMMITS_COUNT: "1"
|
||||
@@ -14,16 +14,6 @@ spec:
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea
|
||||
spec:
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 1
|
||||
preference:
|
||||
matchExpressions:
|
||||
- key: location
|
||||
operator: In
|
||||
values:
|
||||
- fsn
|
||||
volumes:
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
@@ -38,9 +28,9 @@ spec:
|
||||
dnsPolicy: "None"
|
||||
dnsConfig:
|
||||
nameservers:
|
||||
- 100.96.226.96
|
||||
- 100.94.59.38
|
||||
containers:
|
||||
- image: docker.gitea.com/gitea:1.24.2-rootless
|
||||
- image: docker.gitea.com/gitea:1.24.3-rootless
|
||||
name: gitea
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
@@ -8,8 +8,8 @@ spec:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: 5G
|
||||
storageClassName: seaweedfs-storage
|
||||
storage: 50G
|
||||
storageClassName: nfs-csi
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
@@ -21,16 +21,4 @@ spec:
|
||||
resources:
|
||||
requests:
|
||||
storage: 64M
|
||||
storageClassName: seaweedfs-storage
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: gitea-tigris-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: 50G
|
||||
storageClassName: tigris
|
||||
storageClassName: nfs-csi
|
||||
30
apps/sekibanki/gitea/secrets.sops.yaml
Normal file
30
apps/sekibanki/gitea/secrets.sops.yaml
Normal file
@@ -0,0 +1,30 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: gitea-secrets
|
||||
type: Opaque
|
||||
stringData:
|
||||
GITEA__server__LFS_JWT_SECRET: ENC[AES256_GCM,data:P5l16VPEWVprV+X9b7jvj5pDJBlsgkeCns0+gas27/pmTAb/Ycb3wUjXcw==,iv:a8tuqx69VbfvFFKaFqTi8EXAU+SxdfEUGSx/kwQJJDA=,tag:myOcjL0mwyeZY/hSAS9jUQ==,type:str]
|
||||
GITEA__database__USER: ENC[AES256_GCM,data:gcQGvHU=,iv:4uWJM01I8eLKMPd9B4fzaubQBzjtvxB5U2/6d1E1shw=,tag:p88TImSbsxwLAjZJi5/Vdw==,type:str]
|
||||
GITEA__database__PASSWD: ENC[AES256_GCM,data:YX12yodQeeR6xL3CjmY=,iv:XGWxSQ1y5gVPH3KUH0ztu9rm1iIS2kYcbAGwqaSagRQ=,tag:KCI/LFgMemSisDBNGW6ALg==,type:str]
|
||||
GITEA__mailer__USER: ENC[AES256_GCM,data:+FHF+pTCxJksKdJ6MnugmnrLUSW2Fw==,iv:4iraGweo5tHCSUlNTzsek/LWVWPTMAJtoAv6T1Api5k=,tag:S5KiehMulO0OBHbgCY6+YA==,type:str]
|
||||
GITEA__mailer__PASSWD: ENC[AES256_GCM,data:nSXJWeklF7H+s0ZIXc9gBA==,iv:KU5UdjnN/XDLtm8ZOK2FrYMYGqTwjTMu1tfOYLdZrEk=,tag:onzG9TjcdZOjLgXguCS8pw==,type:str]
|
||||
GITEA__storage__MINIO_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:EgMcewHGGqIGjyUrulkUnphby+7khJbf9ndUfWfs9QGaqf6vMNvkYB725cE1ve91bwaNBLccT/fhjzesl2T2K37IsJxyC6TnuVYw,iv:wFMqdIHo0LBjwY6hl3SyvoTSnCzb0YueA9M5MTL15TE=,tag:TL7uMfdfsyhCQOENgCXQsA==,type:str]
|
||||
GITEA__security__INTERNAL_TOKEN: ENC[AES256_GCM,data:Re7PF5B2nXJlyN+K8Z8rImCbiBI7UNCOwzXdZQtcYR7y5QrMgaajwLYW7Q+DTZvxE2V25oQqSPZz2dEMSFMVYZqZfbm3jRvqprtBmZ87EK91zC1zKYR9p3RKd7Yycve6YQ74UBSDtVGa,iv:j2lmCHab2SFEBKcnnUR66JZV4QivuVNeQYEjxX/5sJs=,tag:abDXKUn+IfQ3LqJu+oH7tg==,type:str]
|
||||
GITEA__security__SECRET_KEY: ENC[AES256_GCM,data:bDJtII3GivacAqUZptGCravYY11toAbMUFiubdcWbNODLepqRek/lX8GN7BrE/6wQUnQ+MgGCQ4dY7ReVJiRZw==,iv:MjMBhcRMTA4ajDp/n0kW2Gw2oVNo+CfeliNfxjz6INs=,tag:KvcN0FJA2U6ICiP0oNpQwA==,type:str]
|
||||
GITEA__oauth2__JWT_SECRET: ENC[AES256_GCM,data:2QRMvdVF9t0LCK3fS5TphoKKzdXJsWoOdcpksi9pijSD0kCJjgdLmd8pDw==,iv:eDBBPwKvmKg/JoisqhKf/xQaDZVhTPxo+Gc83em7+2U=,tag:kaLClrMzoRh21QINlpzCag==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIeDBMcnd1YnhnV1FYL0xv
|
||||
YVpsOVJoeXRLbXkrODFYMzdjTXRMMXhIekFRCldoUTZwd1hvTUE5NlJVN0tBQ3Zy
|
||||
Q3dqS3RWVWRxaFpYMzhyUW5Bb1U1dmcKLS0tIHc2aXZvMmJmSGNHWnFoR0dMNG1i
|
||||
ZE1OMjZWaGVkamU5ejZkT2p3U0czblEKkcH5lIkxtZQE7uwWVz+VgHqNE9cvsw1v
|
||||
6zk2WA0a6NXEh4T5DjZ4/vHaKaBubCESy5Q4BhXPy4JF4WTQsKHaZw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-01T15:14:39Z"
|
||||
mac: ENC[AES256_GCM,data:QI6hjWjt7Yp2sTKBUNolLKrMQwVYTpPSrcynNwIDcu5Tc+ZdacoBO6uzPPMDtJqy5Z91zKuJ13YWIOexlxrpGsaGPMNJXDrcR0G+Tn0woVMH4layew1qIGOSxKifcHmhk5HisDYJAm2uVWK356D1zyowzzgKYAx33/BxwQcFvDk=,iv:U2hDy+v3W8bTUjDHBkh3DM8Zuy/+iG1IFX14t4u/4IA=,tag:+5CFGEPVp/uI0k9sJ9io5w==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.10.2
|
||||
@@ -5,7 +5,7 @@ metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: glance
|
||||
spec:
|
||||
replicas: 2
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: glance
|
||||
@@ -40,7 +40,10 @@ pages:
|
||||
- type: search
|
||||
search-engine: https://kagi.com/search?token=ygXAizA-9gY.ejxyFYbeHxOWVxBYgxMGtJPmAeu1pi1DCtOVTW5yFd8&q={QUERY}
|
||||
autofocus: true
|
||||
- type: hacker-news
|
||||
- type: group
|
||||
widgets:
|
||||
- type: lobsters
|
||||
- type: hacker-news
|
||||
- type: bookmarks
|
||||
groups:
|
||||
- title: Internal
|
||||
10
apps/sekibanki/gotosocial/configmap.yaml
Normal file
10
apps/sekibanki/gotosocial/configmap.yaml
Normal file
@@ -0,0 +1,10 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: gotosocial-config
|
||||
data:
|
||||
GTS_HOST: fedi.prettysunflower.moe
|
||||
GTS_ACCOUNT_DOMAIN: prettysunflower.moe
|
||||
GTS_TRUSTED_PROXIES: "10.217.0.0/16"
|
||||
GTS_INSTANCE_LANGUAGES: en,fr
|
||||
GTS_ACCOUNTS_ALLOW_CUSTOM_CSS: "true"
|
||||
76
apps/sekibanki/gotosocial/deployment.yaml
Normal file
76
apps/sekibanki/gotosocial/deployment.yaml
Normal file
@@ -0,0 +1,76 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: gotosocial
|
||||
labels:
|
||||
app.kubernetes.io/name: gotosocial
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: gotosocial
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: gotosocial
|
||||
spec:
|
||||
volumes:
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: gotosocial-pvc
|
||||
dnsPolicy: "None"
|
||||
dnsConfig:
|
||||
nameservers:
|
||||
- 100.94.59.38
|
||||
containers:
|
||||
- image: docker.io/superseriousbusiness/gotosocial:0.19.1
|
||||
name: gotosocial
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
protocol: TCP
|
||||
name: http
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /gotosocial/storage
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: gotosocial-config
|
||||
- secretRef:
|
||||
name: gotosocial-secrets
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /livez
|
||||
port: http
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 30
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 3
|
||||
successThreshold: 1
|
||||
startupProbe:
|
||||
httpGet:
|
||||
path: /readyz
|
||||
port: http
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 30
|
||||
successThreshold: 1
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /readyz
|
||||
port: http
|
||||
initialDelaySeconds: 15
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 3
|
||||
successThreshold: 1
|
||||
6
apps/sekibanki/gotosocial/kustomization.yaml
Normal file
6
apps/sekibanki/gotosocial/kustomization.yaml
Normal file
@@ -0,0 +1,6 @@
|
||||
resources:
|
||||
- configmap.yaml
|
||||
- deployment.yaml
|
||||
- pvc.yaml
|
||||
- secrets.yaml
|
||||
- svc.yaml
|
||||
12
apps/sekibanki/gotosocial/pvc.yaml
Normal file
12
apps/sekibanki/gotosocial/pvc.yaml
Normal file
@@ -0,0 +1,12 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: gotosocial-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: 10G
|
||||
storageClassName: nfs-csi
|
||||
24
apps/sekibanki/gotosocial/secrets.sops.yaml
Normal file
24
apps/sekibanki/gotosocial/secrets.sops.yaml
Normal file
@@ -0,0 +1,24 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: gotosocial-secrets
|
||||
type: Opaque
|
||||
stringData:
|
||||
GTS_DB_ADDRESS: ENC[AES256_GCM,data:sKvwupL1RPRtAQo9,iv:CwLusQGTtW5nK4b1/NFSj43nGGq32k0pHiJcCXYGe8A=,tag:YNoJTJ9DSK5T+3NMXj8I4Q==,type:str]
|
||||
GTS_DB_USER: ENC[AES256_GCM,data:OU9yAGCGSqRriw==,iv:Kap7wCUCngZmJzr52sKOEPrJM3ji4KkQ6p/Bzy/rCuk=,tag:5WfOgAQsZGQy17G9XrYPpw==,type:str]
|
||||
GTS_DB_PASSWORD: ENC[AES256_GCM,data:YRnOT3NBzqzMoKpPj0CI,iv:GTVDkvFDAgKX3L2CQisgnY8YYEzY6vCMsuSXlfx2uG8=,tag:lPeqQyv2b4k5uO0txCBzMA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBR0tVSTJQOVFJL3VPMkpx
|
||||
UzRSdEVlMHFsVVZuVGxjT25lWkJtbC9UTlVvCjROYVM2c2J1SG9xVnJGTkEwSjRm
|
||||
Mmt2WXcyUUN4dVRrWkRKOWt1cG1sZ3cKLS0tIGg0ZDB1SEVoaWE3NzVJZUZEd2Mx
|
||||
Z2VzbWUwb3RubGZzbjFwU0NUR1lwcEUKEVTNx2hhOf2E2mZ+gaXbC15kmO/XeXDQ
|
||||
09ceL43qqH1q8U0S2wheCaom8iMTaqB+QkZopR43CHkKyDJ199jqUQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-01T15:14:39Z"
|
||||
mac: ENC[AES256_GCM,data:D6jRF76S0Dq0oA6z/qxODtjx9ZcLNDkQohKH0B1lEaOhqkG+mQMyztJD2siHRK3Jm+ZtNFd20aQyHZFLK4jixwSTS0RnRhafqzBkV6XqabtXvdH9g6Ko92Kb8hP6nwaRSZ5u9Wogl5CVT8a03vlaMyvIpih0/xRhOW2bwcv9XgM=,iv:oIqUUY7fyGuMhVbQ83m5C8k8A5sPyiJkmUnF//BEwgg=,tag:LvngBlycWTDOuP+8ELFC6w==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.10.2
|
||||
@@ -1,14 +1,13 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: teable
|
||||
namespace: teable
|
||||
name: gotosocial
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app.kubernetes.io/name: teable
|
||||
app.kubernetes.io/name: gotosocial
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: 3000
|
||||
targetPort: http
|
||||
name: http
|
||||
12
apps/sekibanki/karakeep/configmap.yaml
Normal file
12
apps/sekibanki/karakeep/configmap.yaml
Normal file
@@ -0,0 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: karakeep-config
|
||||
data:
|
||||
MEILI_ADDR: http://127.0.0.1:7700
|
||||
MEILI_NO_ANALYTICS: "true"
|
||||
BROWSER_WEB_URL: http://127.0.0.1:9222
|
||||
DATA_DIR: /data
|
||||
NEXTAUTH_URL: https://karakeep.prettysunflower.moe
|
||||
CRAWLER_FULL_PAGE_ARCHIVE: "true"
|
||||
DB_WAL_MODE: "false"
|
||||
61
apps/sekibanki/karakeep/deployment.yaml
Normal file
61
apps/sekibanki/karakeep/deployment.yaml
Normal file
@@ -0,0 +1,61 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: karakeep
|
||||
labels:
|
||||
app.kubernetes.io/name: karakeep
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: karakeep
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: karakeep
|
||||
spec:
|
||||
volumes:
|
||||
- name: karakeep-data
|
||||
persistentVolumeClaim:
|
||||
claimName: karakeep-pvc
|
||||
containers:
|
||||
- name: karakeep
|
||||
image: ghcr.io/karakeep-app/karakeep:0.26.0
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: karakeep-config
|
||||
- secretRef:
|
||||
name: karakeep-secrets
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
name: http
|
||||
volumeMounts:
|
||||
- name: karakeep-data
|
||||
mountPath: "/data"
|
||||
subPath: "karakeep"
|
||||
- name: chrome
|
||||
image: gcr.io/zenika-hub/alpine-chrome:123
|
||||
command:
|
||||
- chromium-browser
|
||||
- --headless
|
||||
- --no-sandbox
|
||||
- --disable-gpu
|
||||
- --disable-dev-shm-usage
|
||||
- --remote-debugging-address=0.0.0.0
|
||||
- --remote-debugging-port=9222
|
||||
- --hide-scrollbars
|
||||
- name: meilisearch
|
||||
image: getmeili/meilisearch:v1.13.3
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: karakeep-config
|
||||
- secretRef:
|
||||
name: karakeep-secrets
|
||||
volumeMounts:
|
||||
- name: karakeep-data
|
||||
mountPath: "/meili_data"
|
||||
subPath: "melisearch"
|
||||
dnsPolicy: "ClusterFirst"
|
||||
dnsConfig:
|
||||
nameservers:
|
||||
- 100.94.59.38
|
||||
6
apps/sekibanki/karakeep/kustomization.yaml
Normal file
6
apps/sekibanki/karakeep/kustomization.yaml
Normal file
@@ -0,0 +1,6 @@
|
||||
resources:
|
||||
- deployment.yaml
|
||||
- svc.yaml
|
||||
- pvc.yaml
|
||||
- secrets.yaml
|
||||
- configmap.yaml
|
||||
@@ -1,11 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: technitium-data-pvc
|
||||
name: karakeep-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: longhorn
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
storage: 100Gi
|
||||
storageClassName: nfs-csi
|
||||
24
apps/sekibanki/karakeep/secrets.sops.yaml
Normal file
24
apps/sekibanki/karakeep/secrets.sops.yaml
Normal file
@@ -0,0 +1,24 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: karakeep-secrets
|
||||
type: Opaque
|
||||
stringData:
|
||||
NEXTAUTH_SECRET: ENC[AES256_GCM,data:MpvitHAtZoS+f+auRZkNmIE3X7T4DJs3c00c/VeIuIlMu+jnCh0328HsmBFLBORJ,iv:jJLAy0yHqklTdj97P+KByUmyq4TlnPyGVAkSxEYZZFc=,tag:Wu1K+N1Lblo+u/R4PD4rUg==,type:str]
|
||||
MEILI_MASTER_KEY: ENC[AES256_GCM,data:zUh/jb2a6YMkLMQe958h+jmy7akDSbZ6p2nf5LBT+oedDXNUcWje430mmFwJTFNy,iv:4slMeHbKmvEudt0VBYgpMzQcyluDb//mGnYgvuRs/6k=,tag:xj0GAS3HP5lOvmz++JxMyg==,type:str]
|
||||
OPENAI_API_KEY: ENC[AES256_GCM,data:ILi5vUmqBCIvq5A7iztlGy6pEcdzcATSTZqqTatAOLLIADQZ4GiKg1XkAzDZ8RnqJO6c9Sq52w79esY6cyvUkKvHV9wM76W42g8TKNe2J2dFvsI/buCUEea/Z5nC5ShBCp8CP9Uybv5JP1WTFhx5TRd38K2d2L0jhh8JJmC5vMcyhELAQQh1d6HzaQb50OIMPP+doqGDgRIYPCDuuATujsG1ahJtRhc=,iv:ZzfaApTTe+vGW/CTFekCzRgajdIvo8krCf1/NKU5s1Q=,tag:hWdqVvgLsubPp+kdQUnkhQ==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcXBUQ0pJWHczOXZZbDV2
|
||||
Wms0Z2VldHJab0tjT2hWTWN5VzVqV1JLd1VFCmFadXgwVlJ2MWJxZjUzY3VwR2N1
|
||||
eXllU2VycDZZZStPTkVBdk9nMFNBRHcKLS0tIE1McUZGMGFteVo5a3RkZ1U1bGZK
|
||||
MFA2MkJ3MG5wM01CbndCaXprQ29nVTQKHrlm7tD8sK3ekacLDidlfumLFeO3BmbP
|
||||
rbF6nw7qdZziCiMS8XXJn2Ujk0J9Rxs+uH+mNYN03giJkxSyiG+5qA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-01T15:14:39Z"
|
||||
mac: ENC[AES256_GCM,data:E3IquOL9tv4ne8avmSTMFr0c/b/GuAovr2YWo0wriC4pk0DOhM9+qcisP7+mFux1Xs3M5Jxjdd/+fshEOHeyTuTU6DOKJlbLSGu2uTfGQgbTRIv6aPAXCadzkOPsZgHKj4KoRasILr2yIXBZIJ8wUwHbB+1qDvR/fswX8WS+fwA=,iv:WZwWALtyCrDGLFV4y0jqsNiX5gsF/+A5P4oPn4m8f50=,tag:+V/kPPXlIGLQT1KXBLrjQg==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.10.2
|
||||
13
apps/sekibanki/karakeep/svc.yaml
Normal file
13
apps/sekibanki/karakeep/svc.yaml
Normal file
@@ -0,0 +1,13 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: karakeep
|
||||
spec:
|
||||
type: NodePort
|
||||
selector:
|
||||
app.kubernetes.io/name: karakeep
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: http
|
||||
name: http
|
||||
@@ -9,4 +9,4 @@ spec:
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
storageClassName: seaweedfs-storage
|
||||
storageClassName: nfs-csi
|
||||
28
apps/sekibanki/opengist/secrets.sops.yaml
Normal file
28
apps/sekibanki/opengist/secrets.sops.yaml
Normal file
@@ -0,0 +1,28 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: opengist-secret
|
||||
type: Opaque
|
||||
data:
|
||||
OG_SECRET_KEY: ENC[AES256_GCM,data:DNMBMUlByIXXhsbgj5ZW0PM+j7SaZwD2+N4m+IRnxRwEKcZltRHUXO0DeEGLm5JaPPJiSevn6mnzHBj4F3TYFEe6Sml+Ic1UI3HlSD+kWOQHWeOrpes7Ww==,iv:mk7CNhMLfOU+M1UNWDS+D/EvBeg6LMDaC5OrrGNPVpk=,tag:5X6Fe0eHW9g82K/hN089qA==,type:str]
|
||||
OG_OIDC_PROVIDER_NAME: ENC[AES256_GCM,data:VHAypLBx0uTUdvCKRUeHYyJ1weA=,iv:NbhtDKlgOJc5oNboubk5OM2v557rzFGyKoZDqWDM6Po=,tag:u5HrGOYytBFtw/AyNjzNVw==,type:str]
|
||||
OG_OIDC_DISCOVERY_URL: ENC[AES256_GCM,data:YKkPta8Sm84gcAeaBB0Ow9lSTsjAl//V9/X4cYP91Kd0HrlWPnH8oVQhMO3Zd+l3xP2JR54rTvXSL1WmzVexOgT/rdi4zZxk4/axFw==,iv:10gbZ1o1gHAZa2fuhHpBYhoqnpqZGQyBv92/WUhbw3k=,tag:+Y5sUVZuuVbgqdFYCo0t0A==,type:str]
|
||||
stringData:
|
||||
OG_OIDC_CLIENT_KEY: ENC[AES256_GCM,data:yA3k+ZuQEVtKiX+LP6RzqEQA5YrC2ptuW3TPheRtiK4V9D7s,iv:mSKWqxrVFbOL4TehvOsGGWB6JZ0JM82UTBeLGgTGi+s=,tag:GrGdUXNnCRnWd4GYUSmM3g==,type:str]
|
||||
OG_OIDC_SECRET: ENC[AES256_GCM,data:PyNtjkb6k10vEOONE8MKUxIE2bpw/fXKrb6V08Lj7c4=,iv:M7PZ//sMyKMCZis170klWA/MzbNv2ZbmZFk7tZfv/v8=,tag:9thD8LBrxrk96VfNCvGUNg==,type:str]
|
||||
OG_DB_URI: ENC[AES256_GCM,data:pG5BouVhEkYY9ppZ1a0mOU7SAlhFhEUQ9glN2DEQusrKx0di8uO6yFSwRQI5KRVJledr4/FWVZgQ4ue23hZK2EHszUl6CCajYuxvJQ==,iv:QCNr1n6/FHtn6SQ/LG6g5CD3A5SS00jlmkGpi0x+2e0=,tag:Ea+cgu2XMx+59EaPpy3Qxg==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5VXVna1pxWEIwZzdKVmV5
|
||||
d2pTMFhjNDlMSEk0cFNJbERzTWpoVHFNWm5zCjVlY1hXaFIxMkprb0lmcHJqczh1
|
||||
OUQzL0Y5TEdFcjhUcmhXSi9TYzAzc0UKLS0tIEFwaVhNRzh4b3dCS0xJM0k4UmxH
|
||||
VGpVQ3BleFFXN0JjWVpsajJqOEJEVWMK5FNyCviCLmahYyIPvibySwSaZlk+q/BM
|
||||
RP3EVRuRfK+0eqjZHFcmisOC9n0eDj0Q4TRzQfAG/5EYwhl8HIV8Lw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-01T15:14:39Z"
|
||||
mac: ENC[AES256_GCM,data:q+4Z9foIB5t/rm5os0CalpWt+nqBV6Mamzq/pQK6oXPp0c0E884O19PE8rZOdNIf4G0LMeCL1nKbMICfcnv0VGnI5wUp6+bsRYXUzmRr0EImjNjqV2ok6nkkZNB/FquaqiYAjP6X8ntYO1anjMnlMVYQNgJOWFikTZUNB0ug6G8=,iv:Or6Dcz2YW9M2Mr8fCzcdEhC9aB4COzh1lbSC/7m17lo=,tag:W/tgGcnl63VGrr48Aw/vLQ==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.10.2
|
||||
29
apps/sekibanki/outline/configmap.yaml
Normal file
29
apps/sekibanki/outline/configmap.yaml
Normal file
@@ -0,0 +1,29 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: outline-config
|
||||
data:
|
||||
NODE_ENV: production
|
||||
PGSSLMODE: disable
|
||||
REDIS_URL: redis://127.0.0.1:6379
|
||||
URL: https://wiki.prettysunflower.moe
|
||||
PORT: "3000"
|
||||
FILE_STORAGE: s3
|
||||
FILE_STORAGE_UPLOAD_MAX_SIZE: "262144000"
|
||||
AWS_REGION: auto
|
||||
AWS_S3_UPLOAD_BUCKET_URL: https://t3.storage.dev
|
||||
AWS_S3_UPLOAD_BUCKET_NAME: prettysunflower-wiki
|
||||
AWS_S3_FORCE_PATH_STYLE: "true"
|
||||
AWS_S3_ACL: private
|
||||
OIDC_AUTH_URI: https://auth.remilia.ch/authorize
|
||||
OIDC_TOKEN_URI: https://auth.remilia.ch/api/oidc/token
|
||||
OIDC_USERINFO_URI: https://auth.remilia.ch/api/oidc/userinfo
|
||||
OIDC_LOGOUT_URI: https://auth.remilia.ch/api/oidc/end-session
|
||||
OIDC_USERNAME_CLAIM: preferred_username
|
||||
OIDC_DISPLAY_NAME: Auth prettysunflower
|
||||
OIDC_SCOPES: openid profile email
|
||||
DEFAULT_LANGUAGE: en_US
|
||||
RATE_LIMITER_ENABLED: "true"
|
||||
RATE_LIMITER_REQUESTS: "1000"
|
||||
RATE_LIMITER_DURATION_WINDOW: "60"
|
||||
FORCE_HTTPS: "false"
|
||||
64
apps/sekibanki/outline/deployment.yaml
Normal file
64
apps/sekibanki/outline/deployment.yaml
Normal file
@@ -0,0 +1,64 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: outline
|
||||
labels:
|
||||
app.kubernetes.io/name: outline
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: outline
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: outline
|
||||
spec:
|
||||
hostAliases:
|
||||
- ip: "100.113.193.5"
|
||||
hostnames:
|
||||
- "mail.prettysunflower.moe"
|
||||
volumes:
|
||||
- name: valkey-data
|
||||
persistentVolumeClaim:
|
||||
claimName: valkey-outline-pvc
|
||||
containers:
|
||||
- name: outline
|
||||
image: docker.getoutline.com/outlinewiki/outline:0.85.1
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
name: http
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: outline-config
|
||||
- secretRef:
|
||||
name: outline-secret
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
- image: valkey/valkey:8.1.3-alpine
|
||||
name: valkey
|
||||
command: ["valkey-server"]
|
||||
ports:
|
||||
- containerPort: 6379
|
||||
protocol: TCP
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
volumeMounts:
|
||||
- name: valkey-data
|
||||
mountPath: "/data"
|
||||
6
apps/sekibanki/outline/kustomization.yaml
Normal file
6
apps/sekibanki/outline/kustomization.yaml
Normal file
@@ -0,0 +1,6 @@
|
||||
resources:
|
||||
- deployment.yaml
|
||||
- configmap.yaml
|
||||
- secrets.yaml
|
||||
- svc.yaml
|
||||
- pvc.yaml
|
||||
11
apps/sekibanki/outline/pvc.yaml
Normal file
11
apps/sekibanki/outline/pvc.yaml
Normal file
@@ -0,0 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: valkey-outline-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
storageClassName: nfs-csi
|
||||
28
apps/sekibanki/outline/secrets.sops.yaml
Normal file
28
apps/sekibanki/outline/secrets.sops.yaml
Normal file
@@ -0,0 +1,28 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: outline-secret
|
||||
type: Opaque
|
||||
stringData:
|
||||
SECRET_KEY: ENC[AES256_GCM,data:zoadiee6r+eBUnt/b0hh25P9QZfjHy7ayAif6jdXO9LDNbakeoM+g4GDavioDkFY0NJLaXIBllwjHYJm8jzufg==,iv:oTIJMcFAPlpcVYBHa8grkSeyz9tv2/VZtlO7YhlxE/4=,tag:SLPBQKYwEcJdBn9/gedjUw==,type:str]
|
||||
UTILS_SECRET: ENC[AES256_GCM,data:q6spGJkw3KINizrBFn9XdMqpBCmeWG9pUWHDnhXWfRG3H2ZWwBEqc8DVvIEfjnETtMh0adHh9FP+zi+BKjBegg==,iv:h7sMjSO/hQBT/tmqd+It3wxPgO6fUQ4RGQmT3JeNnAE=,tag:m04+dAX2q20QeDwXoTatog==,type:str]
|
||||
DATABASE_URL: ENC[AES256_GCM,data:gkT46vh0OPga38NULb9dG6z33IsJ2r76qkYs3f4C+HaZPRvTlRer4Xve5fXCM7VY44KVtviKo+Yw+Q==,iv:DxsMqNmHFGyhqleleUE8jlBglQtF76J9s3cziskBiIg=,tag:bFUErLHP2jEOB9ZTq85Uxw==,type:str]
|
||||
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:klyyWd1mDCti8O/WmsugF1WdJhoIRoYCIlzWjko8+zbIVzYkP3UiC5Ol3luf6pGkNwK9V1Ke,iv:4fShu8gnUGfsTw7ZjN0lro59/YyzbARpm24+N+0W2tU=,tag:SB5xVD/ZZ5AibiT2DWIUhQ==,type:str]
|
||||
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:xPbpQgFUwGXyzWOPS83OnblEa/962keAMJ5Rgc4YJccqpaFc+h0TTz1KYr2Kx/jMt8VEyd+WTVxHlkOdIK9Czkwika1CR0CYwzlS,iv:M4/+5RFEmhq7W7eUEigX+369cxTZKPmxxV9zQPT0EGE=,tag:Llc9+UsZpDQfXAguzsjiCg==,type:str]
|
||||
OIDC_CLIENT_ID: ENC[AES256_GCM,data:MVfKjQgTy28mb4DsE/JyuWuu5A9nrN3bg0ECx+zdbGDWPvmZ,iv:sU8j7EePuYzpJ7bwQmAjGKD1mlJFFI4OtFf66MfoSWs=,tag:0Pg1ZruZNV1XYwo1D9WULQ==,type:str]
|
||||
OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:1hPq1s2LTQmN/THsgVfZntqCx8YrLXFFEXHW0m0JnfM=,iv:eNLlJcUkOLjbbouamA+y7T2d/BGXgEkoS7GYEoVGi/w=,tag:UxDhthu9jaUpRGvZsfbXVw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCc2pFK0pNZjhrU0lVK041
|
||||
QUFBT01sMHFyZnNldUFCU20xMUVaT0ZhMFJrCjZrWmllQWQ5Tjc1TVFuSDF1cmgr
|
||||
OGdYQkI3TDFOd2kxL3pqelM4WjdYNTgKLS0tICsxNVN2emY4azBvZnM0ZDFMMXJL
|
||||
OTQ1YmU1RFByeTM3ckFXS3JnRGphVU0K5F14e9Yja6tNHp1iiN6DNX57bokZIKjC
|
||||
WosPe865F+Lie6GBv1hRzRKQuR0scl1Q7p3kC9tFgNbV52s4wFASHg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-01T15:14:39Z"
|
||||
mac: ENC[AES256_GCM,data:OeuEllidHzi6FsLgqH+CI60FUlHshF593L0cRrz7EvnCRzVDqwuBophXjMp0NWWc4fwheLEmkI2v4oCBfyYzf21Bnk02DPeJBGd30BpCmjIcc3b9iHEo6KlBLPFzveUHOBBQ5S2IWX8EBeBrwu29x5IhgQcpttXKtmqCditGTz0=,iv:Ganr6VovP8bM9mVC7wFo/KSkwrHFXigK8riEuX3F6vM=,tag:l01vl0e0wUiDY1SkX8xXhw==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.10.2
|
||||
13
apps/sekibanki/outline/svc.yaml
Normal file
13
apps/sekibanki/outline/svc.yaml
Normal file
@@ -0,0 +1,13 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: outline
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app.kubernetes.io/name: outline
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: http
|
||||
name: http
|
||||
10
apps/sekibanki/planka/configmap.yaml
Normal file
10
apps/sekibanki/planka/configmap.yaml
Normal file
@@ -0,0 +1,10 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: planka-config
|
||||
data:
|
||||
BASE_URL: https://kanban.prettysunflower.moe
|
||||
OIDC_ISSUER: https://auth.remilia.ch
|
||||
OIDC_CLIENT_ID: eb200a8b-5b93-4b77-a070-1081481270a1
|
||||
OIDC_IGNORE_ROLES: "true"
|
||||
OIDC_ENFORCED: "true"
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user